Mirror of https://github.com/roostorg/coop
github.com/roostorg/coop
dependabot: Group security updates by NPM manifest (#39)
This patch breaks the DRY principle and doesn't use YAML aliases because
they are not supported by Dependabot [0].
[0] https://github.com/dependabot/dependabot-core/issues/1582
authored by
Paweł Wieczorek
and committed by
GitHub
0b8a76cd
425e25d8
+67
+67
.github/dependabot.yml
+67
.github/dependabot.yml
···
18
18
ignore:
19
19
- dependency-name: "node"
20
20
update-types: ["version-update:semver-major"]
21
+
22
+
# Enable version updates for npm
23
+
- package-ecosystem: 'npm'
24
+
directory: '/'
25
+
schedule:
26
+
interval: 'weekly'
27
+
groups:
28
+
prod-security:
29
+
dependency-type: 'production'
30
+
applies-to: 'security-updates'
31
+
patterns:
32
+
- '*'
33
+
34
+
- package-ecosystem: 'npm'
35
+
directory: '/db'
36
+
schedule:
37
+
interval: 'weekly'
38
+
groups:
39
+
prod-security:
40
+
dependency-type: 'production'
41
+
applies-to: 'security-updates'
42
+
patterns:
43
+
- '*'
44
+
45
+
- package-ecosystem: 'npm'
46
+
directory: '/migrator'
47
+
schedule:
48
+
interval: 'weekly'
49
+
groups:
50
+
prod-security:
51
+
dependency-type: 'production'
52
+
applies-to: 'security-updates'
53
+
patterns:
54
+
- '*'
55
+
56
+
- package-ecosystem: 'npm'
57
+
directory: '/server'
58
+
schedule:
59
+
interval: 'weekly'
60
+
groups:
61
+
prod-security:
62
+
dependency-type: 'production'
63
+
applies-to: 'security-updates'
64
+
patterns:
65
+
- '*'
66
+
67
+
- package-ecosystem: 'npm'
68
+
directory: '/client'
69
+
schedule:
70
+
interval: 'weekly'
71
+
groups:
72
+
prod-security:
73
+
dependency-type: 'production'
74
+
applies-to: 'security-updates'
75
+
patterns:
76
+
- '*'
77
+
78
+
- package-ecosystem: 'npm'
79
+
directory: '/nodejs-instrumentation'
80
+
schedule:
81
+
interval: 'weekly'
82
+
groups:
83
+
prod-security:
84
+
dependency-type: 'production'
85
+
applies-to: 'security-updates'
86
+
patterns:
87
+
- '*'