cc-audit 3.4.0

Security auditor for Claude Code skills, hooks, and MCP servers
Documentation
version: 2
updates:
  # Rust dependencies
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    commit-message:
      # Use a Conventional Commits type accepted by commitlint / the
      # semantic-PR check. "deps" is not a valid type, so dependency updates
      # are classified as "build" (per the project's commit-type convention).
      prefix: "build(deps)"
    labels:
      - "dependencies"
      - "rust"
    groups:
      rust-minor:
        patterns:
          - "*"
        update-types:
          - "minor"
          - "patch"

  # GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    commit-message:
      # Same rationale as the cargo ecosystem above: "build" is a valid
      # Conventional Commits type, "deps" is not.
      prefix: "build(deps)"
    labels:
      - "dependencies"
      - "github-actions"
    groups:
      actions:
        patterns:
          - "*"