mirror of
https://github.com/sharkdp/fd.git
synced 2026-03-26 23:38:14 +00:00
7014993561
* Set dependabot cooldown timer of 7 days, which helps mitigate stability and supply-chain security risks. For more info, see https://docs.zizmor.sh/audits/#dependabot-cooldown * Restrict write permissions to the job that actually needs them. * Set `persist-credentials: false` for `actions/checkout`. See https://docs.zizmor.sh/audits/#artipacked * Use environment variables instead of template expansions in code contexts. See https://docs.zizmor.sh/audits/#template-injection * Pin action dependencies to SHA hashes.
15 lines
279 B
YAML
15 lines
279 B
YAML
version: 2
|
|
updates:
|
|
- package-ecosystem: "cargo"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "monthly"
|
|
cooldown:
|
|
default-days: 7
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "daily"
|
|
cooldown:
|
|
default-days: 7
|