You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feature: Hash-pin sensitive workflow dependencies and enable dependabot for them (#332)
* feat: hash-pin sensitive workflows
Signed-off-by: Diogo Teles Sant'Anna <[email protected]>
* feat: configure dependabot to run over github actions
This also is specifying how dependabot will work on updates for go
modules.
The config is set up to:
- Update github actions together in a single monthly PR
- Version updates for GO modules from "/go.mod" will be sent together in a weekly PR.
- Version updates for GO modules from "/v2/go.mod" will be sent separately from the
ones in "/go.mod", but will also be sent together in a weekly PR.
Signed-off-by: Diogo Teles Sant'Anna <[email protected]>
---------
Signed-off-by: Diogo Teles Sant'Anna <[email protected]>
0 commit comments