diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..e45eef52 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,23 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # Enable version updates for npm + - package-ecosystem: "npm" + # Look for `package.json` and `lock` files in the `root` directory + directory: "/" + # Check the npm registry for updates once every week on a weekday + schedule: + interval: "weekly" + ignore: + # Internal dependencies that we update manually + - dependency-name: "pprof-format" + versioning-strategy: "increase" + labels: + - dependabot + - dependencies + - javascript + - semver-patch