diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7c862834e..8fd960c55 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -4,15 +4,23 @@ # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates version: 2 + +# Define reusable security configuration using YAML anchors +x-security-config: &default-security-config + schedule: + interval: weekly + cooldown: + default-days: 7 + semver-major-days: 7 + semver-minor-days: 7 + semver-patch-days: 7 updates: - package-ecosystem: mix directory: elixir/ - schedule: - interval: monthly + <<: *default-security-config - package-ecosystem: pip directory: /.github - schedule: - interval: monthly + <<: *default-security-config - package-ecosystem: github-actions directories: - "/" @@ -25,13 +33,11 @@ updates: - "/.github/actions/setup-postgres" - "/.github/actions/setup-rust" - "/.github/actions/setup-tauri-v2" - schedule: - interval: monthly + <<: *default-security-config - package-ecosystem: cargo directory: rust/ open-pull-requests-limit: 20 - schedule: - interval: weekly + <<: *default-security-config groups: tauri: patterns: @@ -67,8 +73,7 @@ updates: - rand_* - package-ecosystem: gradle directory: kotlin/android/ - schedule: - interval: monthly + <<: *default-security-config ignore: # Depends on JDK version which is bundled with Android Studio (JDK 17) - dependency-name: org.jetbrains.kotlin:kotlin-gradle-plugin @@ -127,16 +132,13 @@ updates: - package-ecosystem: swift directory: swift/apple/FirezoneKit - schedule: - interval: monthly + <<: *default-security-config - package-ecosystem: npm directory: website/ - schedule: - interval: monthly + <<: *default-security-config - package-ecosystem: npm directory: rust/gui-client/ - schedule: - interval: monthly + <<: *default-security-config groups: tauri: patterns: 
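Review bot: The new top-level `x-security-config` key and the `<<: *default-security-config` merge keys rely on YAML features that nothing in this diff shows Dependabot's config validator accepting; this covers the anchor definition at the top of this hunk and every `<<:` line in the later hunks. If the file is rejected or the merge key is ignored, version-update PRs can stop for every ecosystem listed here without anyone noticing. After merging, confirm in the repository's Dependabot status that the config parsed and that each entry reports a weekly schedule; if it did not, inline `schedule:` and `cooldown:` per entry instead. Also note that `<<` is a shallow merge, so an entry that later adds its own `schedule:` or `cooldown:` replaces the whole inherited mapping rather than extending it.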
@@ -161,5 +163,4 @@ updates: - "@types/react-dom" - package-ecosystem: npm directory: elixir/apps/web/assets/ - schedule: - interval: monthly + <<: *default-security-config
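Review bot: The anchor this entry now inherits is named and commented as a "security configuration", but the first hunk shows it carrying only a weekly schedule and a 7-day cooldown, and nothing says what the cooldown is for. As far as I know Dependabot applies `cooldown` to version updates only and does not delay security updates, which is worth stating at the anchor, e.g. `# Weekly version updates; hold newly published releases for 7 days before opening a PR (security updates are not delayed)`. The three `semver-*-days` values all equal `default-days`, so `default-days: 7` on its own likely expresses the same policy.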