.github/dependabot.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: npm
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct

  - package-ecosystem: bundler
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct

  - package-ecosystem: github-actions
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct

  - package-ecosystem: docker
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    ignore:
      - dependency-name: 'moritzheiber/ruby-jemalloc'
        update-types:
          # only suggest patch releases for ruby and needs to sync with .ruby-version
          - 'version-update:semver-minor'
      - dependency-name: 'node'
        update-types:
          # only node minor releases allowed unless .nvmrc major is changed
          - 'version-update:semver-major'