PHPMailer

Commit Graph

Author	SHA1	Message	Date
jrfnl	7ff3620f50	Dependabot/gh-actions: move to bi-weekly schedule 👉 Important: this is for version updates only, not for security updates, which are handled separately and don't depend on this configuration. --- PR 3229 updated the GitHub Actions workflows used in this repo to use "pinned" versions for external action runners to improve workflow security. The current "frequency" is weekly. As these updates are rarely time-sensitive, it should be fine to receive them less frequently. This commit tries to make it so by changing the Dependabot schedule for GitHub Actions to once every two weeks and late in the day when the queue should be mostly empty (as long as it's not a Monday), so the update PR will come in on a more predictable schedule.	2025-12-08 12:36:18 +01:00
jrfnl	5ce9b04aae	Dependabot: update config This commit makes the following change to the Dependabot config: * It introduces a "group". By default Dependabot raises individual PRs for each update. Now, it will group updates to new minor or patch release for all action runners into a single PR. Updates to new major releases of action runners will still be raised as individual PRs. Refs: * https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates * https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference	2025-09-20 05:10:40 +02:00
jrfnl	b7ba94e0f5	Add dependabot configuration file This commit adds an initial Dependabot configuration to: * Submit pull requests for security updates and version updates for GH Action runner dependencies. At a later point in time, it could be considered to enable it for Composer dependencies as well. The configuration has been set up to: * Run weekly. * Submit a maximum of 5 pull requests at a time. If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged. * The commit messages for PRs submitted by Dependabot will be prefixed with "GH Actions:" similar to previous PRs I've submitted manually for the same.	2022-04-07 14:04:02 +02:00

Author

SHA1

Message

Date

jrfnl

7ff3620f50

Dependabot/gh-actions: move to bi-weekly schedule

👉 Important: this is for **version** updates only, not for security updates, which are handled separately and don't depend on this configuration.

---

PR 3229 updated the GitHub Actions workflows used in this repo to use "pinned" versions for external action runners to improve workflow security.

The current "frequency" is weekly. As these updates are rarely time-sensitive, it should be fine to receive them less frequently.

This commit tries to make it so by changing the Dependabot schedule for GitHub Actions to once every two weeks and late in the day when the queue should be mostly empty (as long as it's not a Monday), so the update PR will come in on a more predictable schedule.

2025-12-08 12:36:18 +01:00

jrfnl

5ce9b04aae

Dependabot: update config

This commit makes the following change to the Dependabot config:
* It introduces a "group".
    By default Dependabot raises individual PRs for each update. Now, it will group updates to new minor or patch release for all action runners into a single PR.
    Updates to new major releases of action runners will still be raised as individual PRs.

Refs:
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/optimizing-pr-creation-version-updates
* https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference

2025-09-20 05:10:40 +02:00

jrfnl

b7ba94e0f5

Add dependabot configuration file

This commit adds an initial Dependabot configuration to:
* Submit pull requests for security updates and version updates for GH Action runner dependencies.

At a later point in time, it could be considered to enable it for Composer dependencies as well.

The configuration has been set up to:
* Run weekly.
* Submit a maximum of 5 pull requests at a time.
    If additional pull requests are needed, these will subsequently be submitted the next time Dependabot runs after one or more of the open pull requests have been merged.
* The commit messages for PRs submitted by Dependabot will be prefixed with "GH Actions:" similar to previous PRs I've submitted manually for the same.

2022-04-07 14:04:02 +02:00

3 Commits