ci: add dependabot security updates (#177)

This PR updates the dependabot configuration adding security updates. --------- Co-authored-by: Leandro Ferrigno <leanrafa@gmail.com>
Layr-Labs · Jan 16, 2025 · 1e05bb1 · 1e05bb1
1 parent 47b3235
commit 1e05bb1
Showing 1 changed file with 35 additions and 7 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,11 +1,39 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
 version: 2
+
 updates:
-  - package-ecosystem: "gomod" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  # Group Security Updates
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "08:00"
+      timezone: "America/Los_Angeles"
+    target-branch: "main"
+    commit-message:
+      prefix: "[golang-security]"
+      include: "scope"
+    pull-request-branch-name:
+      separator: "-"
+    open-pull-requests-limit: 0
+    reviewers:
+      - "Layr-Labs/avs-devnet"
+    labels:
+      - "security"
+      - "golang"
+    allow:
+      - dependency-type: "direct"
+    groups:
+      security-updates:
+        applies-to: security-updates
+        patterns:
+          - "*"
+        update-types:
+          - "minor"
+          - "patch"
+          - "major"
+
+  # Version updates
+  - package-ecosystem: "gomod"
+    directory: "/"
     schedule:
       interval: "weekly"