From c2a0284345f2cf9a319c690cce4ce49f8aee4ed4 Mon Sep 17 00:00:00 2001 From: Chris Reddington <791642+chrisreddington@users.noreply.github.com> Date: Wed, 12 Feb 2025 11:18:42 +0000 Subject: [PATCH 1/2] Add NPM dependabot config --- .github/dependabot.yml | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index f33a02c..5c9d715 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,7 +6,21 @@ version: 2 updates: - - package-ecosystem: "devcontainers" - directory: "/" - schedule: - interval: weekly + - package-ecosystem: "devcontainers" + directory: "/" + schedule: + interval: weekly + - package-ecosystem: npm + directory: /possible-solutions/ + schedule: + interval: weekly + groups: + npm-development: + dependency-type: development + update-types: + - minor + - patch + npm-production: + dependency-type: production + update-types: + - patch From cb8a742ae592aa53bd6cb3353dd9d6d177fefe50 Mon Sep 17 00:00:00 2001 From: Chris Reddington <791642+chrisreddington@users.noreply.github.com> Date: Wed, 12 Feb 2025 13:31:00 +0000 Subject: [PATCH 2/2] Update Dependabot configuration file comments --- .github/dependabot.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5c9d715..65ce327 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,8 +1,11 @@ -# To get started with Dependabot version updates, you'll need to specify which -# package ecosystems to update and where the package manifests are located. -# Please see the documentation for more information: -# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates -# https://containers.dev/guide/dependabot +# This is the dependabot configuration file that automates dependency updates +# Updates section configures how dependabot should handle dependency updates: +# - Monitors devcontainer features in the root directory (though convention is .devcontainer and it should check there by default) +# - Monitors NPM dependencies in the possible-solutions directory +# - Checks for updates weekly +# - Groups updates based on their type (dev grouped by minor/patch or prod grouped by patch) +# +# Learn more at https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#configuration-options-for-the-dependabotyml-file version: 2 updates: