Note: You cannot configure Dependabot alerts using the dependabot.yml file.

The dependabot.yml file has two mandatory top-level keys: version, and updates. You can, optionally, include a top-level registries key.

Configuration options for the dependabot.yml file

You use it to configure how Dependabot updates the versions of your project's dependencies. Each entry configures the update settings for a particular package manager.

Option
Allow or deny code execution in manifest files
Enable ecosystems that have beta-level support
Change separator for pull request branch names
Limit number of open pull requests for version updates
Private registries that Dependabot can access
Timezone for time of day (zone identifier)
How to update manifest version requirements

These options fit broadly into the following categories.

Essential setup options that you must include in all configurations: package-ecosystem, directory, schedule.interval.

Options to customize the update schedule: schedule.time, schedule.timezone, schedule.day.

Options to control which dependencies are updated: allow, groups, ignore, vendor.

Options to add metadata to pull requests: reviewers, assignees, labels, milestone.

Options to change the behavior of the pull requests: target-branch, versioning-strategy, commit-message, rebase-strategy, parator.

In addition, the open-pull-requests-limit option changes the maximum number of pull requests for version updates that Dependabot can open.

Note: Some of these configuration options may also affect pull requests raised for security updates of vulnerable package manifests.

Security updates are raised for vulnerable package manifests only on the default branch. When configuration options are set for the same branch (true unless you use target-branch), and specify a package-ecosystem and directory for the vulnerable manifest, then pull requests for security updates use relevant options.

In general, security updates use any configuration options that affect pull requests, for example, adding metadata or changing their behavior. For more information about security updates, see "Configuring Dependabot security updates."

package-ecosystem

You add one package-ecosystem element for each package manager that you want Dependabot to monitor for new versions. The repository must also contain a dependency manifest or lock file for each of these package managers.

If you want to enable vendoring for a package manager that supports it, the vendored dependencies must be located in the required directory.

The following table shows, for each package manager:

The YAML value to use in the dependabot.yml file.
The supported versions of the package manager.
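The following dependabot.yml is an added example, not taken from the documentation reproduced on this page. It shows the two mandatory top-level keys and contrasts an entry whose pull request options also apply to security updates with one that sets target-branch. The ecosystems, directories, branch name, labels and reviewer team are constructed for illustration.

```yaml
# .github/dependabot.yml (constructed example; all values are illustrative)
version: 2   # mandatory top-level key
updates:     # mandatory top-level key, one entry per package manager

  # Entry 1: no target-branch, so it is configured for the default branch.
  # Security update pull requests for the npm manifest in "/" therefore
  # pick up the metadata and behavior options set here.
  - package-ecosystem: "npm"      # essential
    directory: "/"                # essential: location of the manifest
    schedule:
      interval: "weekly"          # essential
      day: "monday"
      time: "06:00"
      timezone: "Europe/London"   # zone identifier
    open-pull-requests-limit: 5   # caps version update pull requests
    labels:
      - "dependencies"
    reviewers:
      - "example-org/appsec"      # hypothetical team
    commit-message:
      prefix: "deps"

  # Entry 2: target-branch is set, so these options govern version updates
  # against that branch. Security updates are raised only on the default
  # branch and do not use the options in this entry.
  - package-ecosystem: "pip"
    directory: "/services/api"    # hypothetical path
    schedule:
      interval: "daily"
    target-branch: "release/1.x"  # hypothetical branch
    labels:
      - "backport"
```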