.github/dependabot.yml
# see https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
day: thursday
# Maintain dependencies for yarn
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "weekly"
day: wednesday
ignore:
# disable version updates of anything, security updates unaffected
- dependency-name: "*"
update-types: ["version-update:semver-patch", "version-update:semver-minor", "version-update:semver-major"]
# Maintain dependencies for Bundler
- package-ecosystem: "bundler"
directory: "/"
schedule:
interval: "weekly"
day: tuesday
ignore:
# disable version updates of anything, security updates unaffected
- dependency-name: "*"
update-types: ["version-update:semver-patch", "version-update:semver-minor", "version-update:semver-major"]