Update dependabot.yml

Signed-off-by: ҉αkα x⠠⠵ <[email protected]>
mandiant · Jan 31, 2024 · edd55da · edd55da
1 parent 10a97e4
commit edd55da
Showing 1 changed file with 36 additions and 8 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,16 +1,44 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
 version: 2
+enable-beta-ecosystems: true
 updates:
-  - package-ecosystem: "pip"
+  - package-ecosystem: "pub" # See documentation for possible values.
+    directory: "" # Location of package manifests
+    schedule:
+      interval: "daily"
+
+updates:
+  - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      # Check for updates to GitHub Actions every weekday
+      interval: "daily"      
 
-  - package-ecosystem: docker
-    directory: /.devcontainer
+updates:
+  - package-ecosystem: "npm"
+    directory: ""
     schedule:
-      interval: daily
+      interval: "daily"
+    # Update the npm manifest file to relax
+    # the version requirements
+    versioning-strategy: widen
 
-  - package-ecosystem: github-actions
-    directory: /
+  - package-ecosystem: "composer"
+    directory: ""
+    schedule:
+      interval: "daily"
+    # Increase the version requirements for Composer
+    # only when required
+    versioning-strategy: increase-if-necessary
+
+  - package-ecosystem: "pip"
+    directory: ""
     schedule:
-      interval: daily
+      interval: "daily"
+    # Only allow updates to the lockfile for pip and
+    # ignore any version updates that affect the manifest
+    versioning-strategy: lockfile-only