.github/dependabot.yml
# NatLibFi/Melinda maintenance strategy
# https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
version: 2
updates:
# Maintain dependencies for GitHub Actions
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
time: "06:30"
timezone: "Europe/Helsinki"
target-branch: "next"
# Minor updates to npm production dependencies daily
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
time: "06:45"
timezone: "Europe/Helsinki"
versioning-strategy: lockfile-only
target-branch: "next"
pull-request-branch-name:
separator: "-"
groups:
production-dependencies:
dependency-type: "production"
development-dependencies:
dependency-type: "development"
# Major updates to npm dependencies weekly @tuesday
# Not possible yet https://github.com/dependabot/dependabot-core/issues/1778
# - package-ecosystem: "npm"
# directory: "/"
# schedule:
# interval: "weekly"
# day: "tuesday"
# time: "07:00"
# timezone: "Europe/Helsinki"
# versioning-strategy: increase-if-necessary
# labels:
# - "npm major dependencies"
# reviewers:
# - "natlibfi/melinda-js-lead"