# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
# NPM dependency updates configuration
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
versioning-strategy: "lockfile-only"
open-pull-requests-limit: 10
# Control which updates to perform
groups:
# Major version updates separate, minor and patch together
production:
dependency-type: "production"
update-types:
- "minor"
- "patch"
commit-message:
prefix: "deps"
include: "scope"
# GitHub Actions workflow updates configuration
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
open-pull-requests-limit: 5
groups:
github-actions:
patterns:
- "*"