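--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,37 @@
+# Weekly version-bump PRs, gated by build.yml before merge.
+version: 2
+updates:
+- package-ecosystem: 'npm' # covers the pnpm workspace
+directory: '/'
+schedule:
+interval: 'weekly'
+open-pull-requests-limit: 10
+cooldown: # wait out a release before bumping (supply-chain safety)
+default-days: 7
+commit-message: # prefix keeps titles conventional-commit valid
+prefix: 'chore'
+include: 'scope'
+groups:
+npm-dependencies: # batch routine bumps into one PR
+patterns:
+- '*'
+# Isolate warlock: a new rule category breaks the typed copy map
+# (src/lib/yara-hooks.ts), so its bump needs its own PR.
+exclude-patterns:
+- '@posthog/warlock'
+
+# Actions are SHA-pinned; bump the SHA and its version comment.
+- package-ecosystem: 'github-actions'
+directory: '/'
+schedule:
+interval: 'weekly'
+open-pull-requests-limit: 5
+cooldown:
+default-days: 7
+commit-message:
+prefix: 'ci'
+include: 'scope'
+groups:
+github-actions:
+patterns:
+- '*'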
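Review bot: The `npm-dependencies` group matches `'*'` with no `update-types` filter, so major-version bumps land in the same PR as routine minor and patch bumps, and a breaking or unexpected change in one package has to be spotted inside a large multi-package diff. Adding `update-types: ['minor', 'patch']` under that group would leave majors as individual PRs, the same isolation the file already gives `@posthog/warlock`. The `github-actions` group has the same shape, though the review cost there is probably lower. It is also worth a comment beside `cooldown` noting that, as far as I know, it delays version updates only and not Dependabot security updates, so the 7-day wait does not hold back a security fix.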