Commits on Sep 12, 2023

1. Add dependabot configuration file …

   This automatically enables Dependabot to:
   * Submit pull requests for security updates and version updates for Composer dependencies.
   * Submit pull requests for security updates and version updates for GH Action runner dependencies.
   
   For Composer dependencies, a preference is given to _widen_ the version restrictions instead of updating them to a new minimum.
   This is a deliberate choice as this package is a library, not an application.
   
   The configuration has been set up to:
   * Run once a week.
   * Submit a maximum of 5 pull requests at a time.
       If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
   * The commit messages for PRs submitted by Dependabot will be prefixed according the unofficial conventions used in this repo up to now.
   * The PRs will automatically be labelled with an appropriate label as already in use in this repo.
   
   Additionally, for Composer updates, I've applied the following restrictions:
   * Only allow updates for "dev" dependencies, as non-dev dependencies (PHPCS, Composer Installers) will need a code review and likely warrant code changes.
   * Ignore major releases of the PHPUnit Polyfills package (= new PHPUnit major) as those generally require a managed update of the test suite.
   
   Refs:
   * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
   * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#versioning-strategy

   

   jrfnl committed Sep 12, 2023
   Configuration menu

   • View commit details
   • Copy full SHA for cbdac19
   • Browse repository at this point

   Copy the full SHA

   cbdac19 View commit details

   Browse the repository at this point in the history