mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-03-18 10:44:10 +00:00
379eecacb0
It's good practice to get dependabot to wait after a release before bumping to avoid it bumping to a release done seconds before, which could have supply-chain security implications, so add a 7 day cooldown to help with this. See https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns Signed-off-by: stevenhorsman <steven@uk.ibm.com>
99 lines
2.3 KiB
YAML
99 lines
2.3 KiB
YAML
---
|
|
version: 2
|
|
updates:
|
|
- package-ecosystem: "cargo"
|
|
directories:
|
|
- "/src/agent"
|
|
- "/src/dragonball"
|
|
- "/src/libs"
|
|
- "/src/mem-agent"
|
|
- "/src/mem-agent/example"
|
|
- "/src/runtime-rs"
|
|
- "/src/tools/agent-ctl"
|
|
- "/src/tools/genpolicy"
|
|
- "/src/tools/kata-ctl"
|
|
- "/src/tools/trace-forwarder"
|
|
schedule:
|
|
interval: "daily"
|
|
cooldown:
|
|
default-days: 7
|
|
ignore:
|
|
# rust-vmm repos might cause incompatibilities on patch versions, so
|
|
# lets handle them manually for now.
|
|
- dependency-name: "event-manager"
|
|
- dependency-name: "kvm-bindings"
|
|
- dependency-name: "kvm-ioctls"
|
|
- dependency-name: "linux-loader"
|
|
- dependency-name: "seccompiler"
|
|
- dependency-name: "vfio-bindings"
|
|
- dependency-name: "vfio-ioctls"
|
|
- dependency-name: "virtio-bindings"
|
|
- dependency-name: "virtio-queue"
|
|
- dependency-name: "vm-fdt"
|
|
- dependency-name: "vm-memory"
|
|
- dependency-name: "vm-superio"
|
|
- dependency-name: "vmm-sys-util"
|
|
# As we often have up to 8/9 components that need the same versions bumps
|
|
# create groups for common dependencies, so they can all go in a single PR
|
|
# We can extend this as we see more frequent groups
|
|
groups:
|
|
bit-vec:
|
|
patterns:
|
|
- bit-vec
|
|
bumpalo:
|
|
patterns:
|
|
- bumpalo
|
|
clap:
|
|
patterns:
|
|
- clap
|
|
crossbeam:
|
|
patterns:
|
|
- crossbeam
|
|
h2:
|
|
patterns:
|
|
- h2
|
|
idna:
|
|
patterns:
|
|
- idna
|
|
openssl:
|
|
patterns:
|
|
- openssl
|
|
protobuf:
|
|
patterns:
|
|
- protobuf
|
|
rsa:
|
|
patterns:
|
|
- rsa
|
|
rustix:
|
|
patterns:
|
|
- rustix
|
|
slab:
|
|
patterns:
|
|
- slab
|
|
time:
|
|
patterns:
|
|
- time
|
|
tokio:
|
|
patterns:
|
|
- tokio
|
|
tracing:
|
|
patterns:
|
|
- tracing
|
|
|
|
- package-ecosystem: "gomod"
|
|
directories:
|
|
- "src/runtime"
|
|
- "tools/testing/kata-webhook"
|
|
- "src/tools/csi-kata-directvolume"
|
|
schedule:
|
|
interval: "daily"
|
|
cooldown:
|
|
default-days: 7
|
|
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "monthly"
|
|
cooldown:
|
|
default-days: 7
|