From 3ab8997d4c63e2b77fa09261a851a44c8d4f88d1 Mon Sep 17 00:00:00 2001 From: Attila Szegedi Date: Mon, 16 Feb 2026 18:50:51 +0100 Subject: [PATCH 1/3] Enable dependabot updates --- .github/dependabot.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..b420d9c3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,14 @@ +# To get started with Dependabot version updates, you'll need to specify which +# package ecosystems to update and where the package manifests are located. +# Please see the documentation for all configuration options: +# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # Enable version updates for npm + - package-ecosystem: "npm" + # Look for `package.json` and `lock` files in the `root` directory + directory: "/" + # Check the npm registry for updates every day (weekdays) + schedule: + interval: "daily" From f3556e3de8a21e2ab3e346f418f22e72dba0154f Mon Sep 17 00:00:00 2001 From: Attila Szegedi Date: Tue, 17 Feb 2026 12:31:34 +0100 Subject: [PATCH 2/3] Review feedback: - weekly checks - ignore pprof-format --- .github/dependabot.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b420d9c3..851bf1fc 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,6 +9,9 @@ updates: - package-ecosystem: "npm" # Look for `package.json` and `lock` files in the `root` directory directory: "/" - # Check the npm registry for updates every day (weekdays) + # Check the npm registry for updates once every week on a weekday schedule: - interval: "daily" + interval: "weekly" + ignore: + # Internal dependencies that we update manually + - dependency-name: "pprof-format" From 986ee7eda2e79821eb75303dc51c248555908b80 Mon Sep 17 00:00:00 2001 From: Attila Szegedi Date: Tue, 17 Feb 2026 12:36:53 +0100 Subject: [PATCH 3/3] - use "increase" strategy - add "dependabot" and "semver-patch" labels --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 851bf1fc..e45eef52 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -15,3 +15,9 @@ updates: ignore: # Internal dependencies that we update manually - dependency-name: "pprof-format" + versioning-strategy: "increase" + labels: + - dependabot + - dependencies + - javascript + - semver-patch