63 lines
1.7 KiB
YAML
63 lines
1.7 KiB
YAML
# Dependabot configuration.
|
|
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
|
|
#
|
|
# Grouping keeps the update/security-alert volume manageable (one PR per group
|
|
# instead of one per advisory). Routine minor/patch bumps are batched; major
|
|
# bumps still arrive individually so they get review.
|
|
# Schedule: every Friday at 06:30 UTC / 12:00 IST.
|
|
|
|
version: 2
|
|
updates:
|
|
# TypeScript / npm workspace
|
|
- package-ecosystem: "npm"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "friday"
|
|
time: "06:30"
|
|
open-pull-requests-limit: 10
|
|
groups:
|
|
npm-production:
|
|
applies-to: version-updates
|
|
dependency-type: "production"
|
|
patterns: ["*"]
|
|
update-types: ["minor", "patch"]
|
|
npm-development:
|
|
applies-to: version-updates
|
|
dependency-type: "development"
|
|
patterns: ["*"]
|
|
update-types: ["minor", "patch"]
|
|
npm-security:
|
|
applies-to: security-updates
|
|
patterns: ["*"]
|
|
|
|
# Python SDK and provider packages
|
|
- package-ecosystem: "pip"
|
|
directories:
|
|
- "/python"
|
|
- "/python/providers/*"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "friday"
|
|
time: "06:30"
|
|
open-pull-requests-limit: 10
|
|
groups:
|
|
pip-version:
|
|
applies-to: version-updates
|
|
patterns: ["*"]
|
|
update-types: ["minor", "patch"]
|
|
pip-security:
|
|
applies-to: security-updates
|
|
patterns: ["*"]
|
|
|
|
# GitHub Actions workflow pins
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "friday"
|
|
time: "06:30"
|
|
groups:
|
|
github-actions:
|
|
patterns: ["*"]
|