From 86d5dd7a7e8e1c31de76b8e2a2defb3cb91467aa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Wieczorek?=
Date: Thu, 2 Apr 2026 18:42:14 +0200
Subject: [PATCH] dependabot: Group security updates by NPM manifest

This patch breaks the DRY principle and doesn't use YAML aliases because they are not supported by Dependabot [0].
[0] https://github.com/dependabot/dependabot-core/issues/1582
---
 .github/dependabot.yml | 67 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 6a02bdbb..055b3b14 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -18,3 +18,70 @@ updates:
 ignore:
 - dependency-name: "node"
 update-types: ["version-update:semver-major"]
+
+ # Enable version updates for npm
+ - package-ecosystem: 'npm'
+ directory: '/'
+ schedule:
+ interval: 'weekly'
+ groups:
+ prod-security:
+ dependency-type: 'production'
+ applies-to: 'security-updates'
+ patterns:
+ - '*'
+
+ - package-ecosystem: 'npm'
+ directory: '/db'
+ schedule:
+ interval: 'weekly'
+ groups:
+ prod-security:
+ dependency-type: 'production'
+ applies-to: 'security-updates'
+ patterns:
+ - '*'
+
+ - package-ecosystem: 'npm'
+ directory: '/migrator'
+ schedule:
+ interval: 'weekly'
+ groups:
+ prod-security:
+ dependency-type: 'production'
+ applies-to: 'security-updates'
+ patterns:
+ - '*'
+
+ - package-ecosystem: 'npm'
+ directory: '/server'
+ schedule:
+ interval: 'weekly'
+ groups:
+ prod-security:
+ dependency-type: 'production'
+ applies-to: 'security-updates'
+ patterns:
+ - '*'
+
+ - package-ecosystem: 'npm'
+ directory: '/client'
+ schedule:
+ interval: 'weekly'
+ groups:
+ prod-security:
+ dependency-type: 'production'
+ applies-to: 'security-updates'
+ patterns:
+ - '*'
+
+ - package-ecosystem: 'npm'
+ directory: '/nodejs-instrumentation'
+ schedule:
+ interval: 'weekly'
+ groups:
+ prod-security:
+ dependency-type: 'production'
+ applies-to: 'security-updates'
+ patterns:
+ - '*'
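Review bot: The comment `# Enable version updates for npm` on the first new entry does not match what the `prod-security` groups do: `applies-to: 'security-updates'` only groups security PRs, while each `package-ecosystem: 'npm'` entry with a weekly schedule also turns on ungrouped version-update PRs for all six directories. If only grouped security updates are wanted, add `open-pull-requests-limit: 0` to each entry; otherwise reword the comment to something like `# Group production security updates per npm manifest`. Because the group is limited to `dependency-type: 'production'`, security fixes for development dependencies will still arrive as individual PRs, which is worth stating in the comment. The `updates:` list starts above the hunk, so it is not visible here whether an npm entry for one of these directories already exists; Dependabot rejects duplicate ecosystem/directory combinations.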