Skip to content

Commit

Permalink
github: configure dependency detection
Browse files Browse the repository at this point in the history 
This change adds dependabot configuration with updates disabled to
allow for restriction of manifest file selection used by the
dependency graph.

Ref: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
  • Loading branch information
@abn
abn committed Oct 30, 2021
1 parent c6b19b3 commit 3bbec0c
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
version: 2

updates:
- package-ecosystem: "pip"
directory: "/"
schedule:
interval: "monthly"
# keep dependency updates manual for now
open-pull-requests-limit: 0
reviewers:
- "python-poetry/triage"

0 comments on commit 3bbec0c

Please sign in to comment.