glitch-social/.github/dependabot.yml

46 lines
1.3 KiB
YAML

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: npm
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
allow:
- dependency-type: direct
- package-ecosystem: bundler
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
allow:
- dependency-type: direct
- package-ecosystem: github-actions
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
allow:
- dependency-type: direct
- package-ecosystem: docker
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
ignore:
- dependency-name: 'moritzheiber/ruby-jemalloc'
update-types:
# only suggest patch releases for ruby and needs to sync with .ruby-version
- 'version-update:semver-minor'
- dependency-name: 'node'
update-types:
# only node minor releases allowed unless .nvmrc major is changed
- 'version-update:semver-major'