From a36449d7254f907c70121620061d710421d89c72 Mon Sep 17 00:00:00 2001 From: Akihito Koriyama Date: Sat, 2 Nov 2024 22:16:31 +0900 Subject: [PATCH] Enable Dependabot alerts for major Composer updates This configuration file sets up Dependabot to check for major version updates to Composer dependencies on a weekly basis. Minor and patch updates are ignored to focus only on significant changes. --- .github/dependabot.yml | 14 ++++++++++++++ .github/workflows/continuous-integration.yml | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..a93145d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +# Alerts only major updates for Packagist (Composer) +# +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + - package-ecosystem: "composer" # Specify the correct package ecosystem for PHP + directory: "/" # Location of package manifests + schedule: + interval: "weekly" + ignore: + - dependency-name: "*" # Ignore all dependencies for specific update types + update-types: ["version-update:semver-minor", "version-update:semver-patch"] diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index a1722b0..2ffa22c 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -9,5 +9,5 @@ jobs: ci: uses: ray-di/.github/.github/workflows/continuous-integration.yml@v1 with: - old_stable: '["7.2", "7.3", "7.4", "8.0", "8.1", , "8.2", , "8.3"]' + old_stable: '["7.2", "7.3", "7.4", "8.0", "8.1", "8.2", "8.3"]' current_stable: 8.4