From 92ee89e8e5150920dc225384b9f7f4a543af31a5 Mon Sep 17 00:00:00 2001 From: Tim Donohue Date: Wed, 23 Oct 2024 11:31:16 -0500 Subject: [PATCH] Fix bug in dependabot.yml "security-updates" settings "security-updates" configs can only be in sections where there is no "target-branch". This is because they only apply to the primary branch. --- .github/dependabot.yml | 122 ++--------------------------------------- 1 file changed, 6 insertions(+), 116 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 51c8be4bbc..4d49cc5117 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,16 @@ -# Enable Dependabot NPM updates for all dependencies on a weekly basis +#------------------- +# DSpace's dependabot rules. Enables npm updates for all dependencies on a weekly basis +# for main and any maintenance branches. Security updates only apply to main. +#------------------- version: 2 updates: ############### ## Main branch ############### + # NOTE: At this time, "security-updates" rules only apply if "target-branch" is unspecified + # So, only this first section can include "applies-to: security-updates" - package-ecosystem: "npm" directory: "/" - target-branch: main schedule: interval: "weekly" # Allow up to 10 open PRs for dependencies @@ -159,14 +163,6 @@ updates: update-types: - "minor" - "patch" - # Group together all security updates for Angular. Only accept minor/patch types. - angular-security: - applies-to: security-updates - patterns: - - "@angular*" - update-types: - - "minor" - - "patch" # Group together all minor/patch version updates for NgRx in a single PR ngrx: applies-to: version-updates @@ -175,14 +171,6 @@ updates: update-types: - "minor" - "patch" - # Group together all security updates for NgRx. Only accept minor/patch types. - ngrx-security: - applies-to: security-updates - patterns: - - "@ngrx*" - update-types: - - "minor" - - "patch" # Group together all patch version updates for eslint in a single PR eslint: applies-to: version-updates @@ -192,15 +180,6 @@ updates: update-types: - "minor" - "patch" - # Group together all security updates for eslint. - eslint-security: - applies-to: security-updates - patterns: - - "@typescript-eslint*" - - "eslint*" - update-types: - - "minor" - - "patch" # Group together any testing related version updates testing: applies-to: version-updates @@ -213,18 +192,6 @@ updates: update-types: - "minor" - "patch" - # Group together any testing related security updates - testing: - applies-to: security-updates - patterns: - - "@cypress*" - - "cypress*" - - "jasmine*" - - "karma*" - - "ng-mocks" - update-types: - - "minor" - - "patch" # Group together any postcss related version updates postcss: applies-to: version-updates @@ -233,23 +200,7 @@ updates: update-types: - "minor" - "patch" - # Group together any postcss related security updates - postcss: - applies-to: security-updates - patterns: - - "postcss*" - update-types: - - "minor" - - "patch" # Group together any sass related version updates - sass: - applies-to: version-updates - patterns: - - "sass*" - update-types: - - "minor" - - "patch" - # Group together any sass related security updates sass: applies-to: version-updates patterns: @@ -265,14 +216,6 @@ updates: update-types: - "minor" - "patch" - # Group together any webpack related seurity updates - webpack: - applies-to: security-updates - patterns: - - "webpack*" - update-types: - - "minor" - - "patch" ignore: # Ignore all major version updates for all dependencies. We'll only automate minor/patch updates. - dependency-name: "*" @@ -297,14 +240,6 @@ updates: update-types: - "minor" - "patch" - # Group together all security updates for Angular. Only accept minor/patch types. - angular-security: - applies-to: security-updates - patterns: - - "@angular*" - update-types: - - "minor" - - "patch" # Group together all minor/patch version updates for NgRx in a single PR ngrx: applies-to: version-updates @@ -313,14 +248,6 @@ updates: update-types: - "minor" - "patch" - # Group together all security updates for NgRx. Only accept minor/patch types. - ngrx-security: - applies-to: security-updates - patterns: - - "@ngrx*" - update-types: - - "minor" - - "patch" # Group together all patch version updates for eslint in a single PR eslint: applies-to: version-updates @@ -330,15 +257,6 @@ updates: update-types: - "minor" - "patch" - # Group together all security updates for eslint. - eslint-security: - applies-to: security-updates - patterns: - - "@typescript-eslint*" - - "eslint*" - update-types: - - "minor" - - "patch" # Group together any testing related version updates testing: applies-to: version-updates @@ -351,18 +269,6 @@ updates: update-types: - "minor" - "patch" - # Group together any testing related security updates - testing: - applies-to: security-updates - patterns: - - "@cypress*" - - "cypress*" - - "jasmine*" - - "karma*" - - "ng-mocks" - update-types: - - "minor" - - "patch" # Group together any postcss related version updates postcss: applies-to: version-updates @@ -371,14 +277,6 @@ updates: update-types: - "minor" - "patch" - # Group together any postcss related security updates - postcss: - applies-to: security-updates - patterns: - - "postcss*" - update-types: - - "minor" - - "patch" # Group together any sass related version updates sass: applies-to: version-updates @@ -387,14 +285,6 @@ updates: update-types: - "minor" - "patch" - # Group together any sass related security updates - sass: - applies-to: version-updates - patterns: - - "sass*" - update-types: - - "minor" - - "patch" ignore: # 7.x Cannot update Webpack past v5.76.1 as later versions not supported by Angular 15 # See also https://github.com/DSpace/dspace-angular/pull/3283#issuecomment-2372488489