Skip to main content

security_updates_only

Configuration

name: security_updates_only
type: int
default: 0
{
  "name": "company/project",
  "extra": {
    "violinist": {
      "security_updates_only": 0
    }
  }
}

Only update security updates to dependencies.

Explanation

If you are only interested in getting automated pull requests for security updates to your dependencies, this option will do that for you.

Example

Say you have a project with a lot of updates coming in all the time, but you are only interested in getting security updates through violinist. Then you would change the option security_updates_only to 1. So in practice, change composer.json to look something like this:

{
  "name": "company/project",
  "description": "My awesome project",
  "require": {
    "vendor/package": "~1.0.0",
  },
  "extra": {
    "violinist": {
      "security_updates_only": 1
    }
  }
}

This way, violinist will only send pull requests if a security updates is released of the package vendor/package. For a regular update, no pull request is created.

Edit this page
Last updated on by Eirik Stanghelle Morland