[misc] add the dependabot config of the buildscripts

See inline docs for rationals of each (non-trivial) option.
This commit is contained in:
Jakob Ackermann 2020-09-04 09:23:20 +01:00
parent 7c9ec6c638
commit ccb05e09c1
No known key found for this signature in database
GPG key ID: 30C56800FCA3828A

17
.github/dependabot.yml vendored Normal file
View file

@ -0,0 +1,17 @@
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
pull-request-branch-name:
# Separate sections of the branch name with a hyphen
# Docker images use the branch name and do not support slashes in tags
# https://github.com/overleaf/google-ops/issues/822
# https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#pull-request-branch-nameseparator
separator: "-"
# Block informal upgrades -- security upgrades use a separate queue.
# https://docs.github.com/en/github/administering-a-repository/configuration-options-for-dependency-updates#open-pull-requests-limit
open-pull-requests-limit: 0