Merge pull request #327 from MechanicalRock/security/dependabot

Added Dependabot config
MechanicalRock · Jun 28, 2024 · b4d3cf1 · b4d3cf1
2 parents 283c880 + 54ef2d2
commit b4d3cf1
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -0,0 +1 @@
+@MechanicalRock/websiteadmins
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,22 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/backend/"
+    schedule:
+      interval: "weekly"
+    # Disable version updates for npm dependencies - this will still let security update PRs to be created
+    open-pull-requests-limit: 0
+    reviewers:
+      - "@MechanicalRock/websiteadmins"
+    labels:
+      - "npm security updates"
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    # Disable version updates for npm dependencies - this will still let security update PRs to be created
+    open-pull-requests-limit: 0
+    reviewers:
+      - "@MechanicalRock/websiteadmins"
+    labels:
+      - "npm security updates"
diff --git a/CODEOWNERS b/CODEOWNERS