From 09308bde8a5177d17e556ce3fce04f4ba130983c Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Sun, 1 Oct 2023 10:41:05 +0200 Subject: [PATCH 1/2] Stop bumping dev deps and group production PRs --- .github/dependabot.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 2e1f7ec..e9542ff 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -1,4 +1,4 @@ -# dependabot.yaml reference: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates +# dependabot.yaml reference: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file # # Notes: # - Status and logs from dependabot are provided at @@ -17,6 +17,13 @@ updates: interval: monthly time: "05:00" timezone: Etc/UTC + allow: + - dependency-type: production + groups: + production-dependencies: + dependency-type: production + development-dependencies: + dependency-type: development labels: - maintenance - dependencies From 717632f521c0c9d18f1bd803917e9ad191ee25d6 Mon Sep 17 00:00:00 2001 From: Erik Sundell Date: Thu, 5 Oct 2023 01:34:21 +0200 Subject: [PATCH 2/2] Start bumping dev deps together with prod deps --- .github/dependabot.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index e9542ff..5edbbc0 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -19,11 +19,10 @@ updates: timezone: Etc/UTC allow: - dependency-type: production + - dependency-type: development groups: - production-dependencies: - dependency-type: production - development-dependencies: - dependency-type: development + all-dependencies: + patterns: ["*"] labels: - maintenance - dependencies