From ba3c364bb11597d3094c1c736beae10e0c49c7ae Mon Sep 17 00:00:00 2001
From: MCJ Vasseur <14887731+vmcj@users.noreply.github.com>
Date: Mon, 24 Nov 2025 07:52:57 +0100
Subject: [PATCH] Dependabot checks for security issues in npm packages

---
 .github/dependabot.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 34062afbb8..98ad43c387 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,7 +1,15 @@
 version: 2
 updates:
   - package-ecosystem: "composer"
-    directory: "/"
+    directory: "/webapp"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 0
+    versioning-strategy: increase-if-necessary
+    allow:
+        - dependency-type: "all"
+  - package-ecosystem: "npm"
+    directory: "/webapp"
     schedule:
       interval: "daily"
     open-pull-requests-limit: 0