|
1 | | -# To get started with Dependabot version updates, you'll need to specify which |
2 | | -# package ecosystems to update and where the package manifests are located. |
3 | | -# Please see the documentation for all configuration options: |
4 | | -# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates |
5 | | - |
6 | | -# `dependabot.yml` file with updates |
7 | | -# disabled for Docker and limited for npm |
| 1 | +# Basic `dependabot.yml` file with |
| 2 | +# minimum configuration for two package managers |
8 | 3 |
|
9 | 4 | version: 2 |
10 | 5 | updates: |
11 | | - # Configuration for Dockerfile |
12 | | - - package-ecosystem: "docker" |
| 6 | + # Enable version updates for npm |
| 7 | + - package-ecosystem: "npm" |
| 8 | + # Look for `package.json` and `lock` files in the `root` directory |
13 | 9 | directory: "/" |
| 10 | + # Check the npm registry for updates every day (weekdays) |
14 | 11 | schedule: |
15 | | - interval: "weekly" |
16 | | - # Disable all pull requests for Docker dependencies |
17 | | - open-pull-requests-limit: 0 |
| 12 | + interval: "daily" |
18 | 13 |
|
19 | | - # Configuration for npm |
20 | | - - package-ecosystem: "npm" |
| 14 | + # Enable version updates for Docker |
| 15 | + - package-ecosystem: "docker" |
| 16 | + # Look for a `Dockerfile` in the `root` directory |
21 | 17 | directory: "/" |
| 18 | + # Check for updates once a week |
22 | 19 | schedule: |
23 | 20 | interval: "weekly" |
24 | | - ignore: |
25 | | - # Ignore updates to packages that start with 'aws' |
26 | | - # Wildcards match zero or more arbitrary characters |
27 | | - - dependency-name: "aws*" |
28 | | - # Ignore some updates to the 'express' package |
29 | | - - dependency-name: "express" |
30 | | - # Ignore only new versions for 4.x and 5.x |
31 | | - versions: ["4.x", "5.x"] |
32 | | - # For all packages, ignore all patch updates |
33 | | - - dependency-name: "*" |
34 | | - update-types: ["version-update:semver-patch"] |
0 commit comments