mirrors/tendermint
1
0
Fork 0
mirror of https://github.com/tendermint/tendermint.git synced 2026-01-05 04:55:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

ci: Only allow automated security-related updates until v0.37.0 release (#9430)

Browse Source 
As per discussion with @sergio-mena, this should disable all automated
dependency updates that are not security-related. We should make this
part of our standard practice when cutting new major releases, given
that our QA process for major releases is expensive at present and we
cannot re-run it for every dependency update.

Once we have cut a final major release, we can consider re-enabling
automated dependency updates here that can be rolled out in minor
releases.

Signed-off-by: Thane Thomson <connect@thanethomson.com>

Signed-off-by: Thane Thomson <connect@thanethomson.com>
This commit is contained in:
Thane Thomson
2022-09-13 16:46:34 -04:00
committed by GitHub
parent 7bd84cd8cc
commit 10f3626e6f
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/dependabot.yml vendored
View File

@@ -55,7 +55,9 @@ updates:
schedule:
interval: weekly
target-branch: "v0.37.x"
open-pull-requests-limit: 10
# Only allow automated security-related dependency updates until we cut the
# final v0.37.0 release.
open-pull-requests-limit: 0
labels:
- T:dependencies
- S:automerge