mastodon/.github/dependabot.yml

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: npm
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct
    ignore:
      # This version needs to match Rails major version, so stick to 6.x only
      - dependency-name: '@rails/ujs'
        versions:
          - '7.x'
      # TODO: This version got stuck in https://github.com/mastodon/mastodon/pull/14004 and this should be deleted to fix
      - dependency-name: 'pg'
        versions:
          - '8.x'
      # TODO: This was ignored in https://github.com/mastodon/mastodon/pull/19120
      - dependency-name: 'uuid'
        versions:
          - '9.x'
      # TODO: This version got stuck in https://github.com/mastodon/mastodon/pull/14073 and this should be deleted to fix
      - dependency-name: 'history'
        versions:
          - '5.x'
      # TODO: This requires code changes for migration
      - dependency-name: 'tesseract.js'
        versions:
          - '3.x'
          - '4.x'
      # TODO: This version needs manual updates for breaking changes
      - dependency-name: 'react-hotkeys'
        versions:
          - '2.x'
      # TODO: This version got stuck in https://github.com/mastodon/mastodon/pull/15206 and this should be deleted to fix
      - dependency-name: 'terser'
        versions:
          - '5.x'

  - package-ecosystem: bundler
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct
    ignore:
      # This version needs to match Rails major version, so stick to 6.x only
      - dependency-name: 'rails-i18n'
        versions:
          - '7.x'
      # This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
      - dependency-name: 'sprockets'
        versions:
          - '4.x'

  - package-ecosystem: github-actions
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct

  - package-ecosystem: docker
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    ignore:
      - dependency-name: 'moritzheiber/ruby-jemalloc'
        update-types:
          # only suggest patch releases for ruby and needs to sync with .ruby-version
          - 'version-update:semver-minor'
      - dependency-name: 'node'
        update-types:
          # only node minor releases allowed unless .nvmrc major is changed
          - 'version-update:semver-major'
Update dependabot.yml (Fix #13939) (#13990) * Update dependabot.yml * Update dependabot.yml 2020-06-06 17:41:31 +02:00			`# To get started with Dependabot version updates, you'll need to specify which`
			`# package ecosystems to update and where the package manifests are located.`
			`# Please see the documentation for all configuration options:`
			`# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates`

Update Dependabot config (#13939) * Delete config.yml * Create dependabot.yml 2020-06-05 15:24:01 +02:00			`version: 2`
			`updates:`
Update dependabot.yml (Fix #13939) (#13990) * Update dependabot.yml * Update dependabot.yml 2020-06-06 17:41:31 +02:00			`- package-ecosystem: npm`
Format JSON and YAML using Prettier (#17823) * Format JSON and YAML using Prettier * Add prettier to devDep 2022-03-21 04:46:11 +01:00			`directory: '/'`
Update dependabot.yml (Fix #13939) (#13990) * Update dependabot.yml * Update dependabot.yml 2020-06-06 17:41:31 +02:00			`schedule:`
			`interval: weekly`
			`open-pull-requests-limit: 99`
			`allow:`
Exclude dependency updates other than direct dependencies (#14944) 2020-10-06 19:16:30 +02:00			`- dependency-type: direct`
Add Dependabot ignores for stuck updates and those needing manual interventions (#23966) 2023-04-26 17:09:26 +02:00			`ignore:`
			`# This version needs to match Rails major version, so stick to 6.x only`
			`- dependency-name: '@rails/ujs'`
			`versions:`
			`- '7.x'`
			`# TODO: This version got stuck in https://github.com/mastodon/mastodon/pull/14004 and this should be deleted to fix`
			`- dependency-name: 'pg'`
			`versions:`
			`- '8.x'`
			`# TODO: This was ignored in https://github.com/mastodon/mastodon/pull/19120`
			`- dependency-name: 'uuid'`
			`versions:`
			`- '9.x'`
			`# TODO: This version got stuck in https://github.com/mastodon/mastodon/pull/14073 and this should be deleted to fix`
			`- dependency-name: 'history'`
			`versions:`
			`- '5.x'`
			`# TODO: This requires code changes for migration`
			`- dependency-name: 'tesseract.js'`
			`versions:`
			`- '3.x'`
			`- '4.x'`
			`# TODO: This version needs manual updates for breaking changes`
			`- dependency-name: 'react-hotkeys'`
			`versions:`
			`- '2.x'`
			`# TODO: This version got stuck in https://github.com/mastodon/mastodon/pull/15206 and this should be deleted to fix`
			`- dependency-name: 'terser'`
			`versions:`
			`- '5.x'`
Update Dependabot config (#13939) * Delete config.yml * Create dependabot.yml 2020-06-05 15:24:01 +02:00
Update dependabot.yml (Fix #13939) (#13990) * Update dependabot.yml * Update dependabot.yml 2020-06-06 17:41:31 +02:00			`- package-ecosystem: bundler`
Format JSON and YAML using Prettier (#17823) * Format JSON and YAML using Prettier * Add prettier to devDep 2022-03-21 04:46:11 +01:00			`directory: '/'`
Update dependabot.yml (Fix #13939) (#13990) * Update dependabot.yml * Update dependabot.yml 2020-06-06 17:41:31 +02:00			`schedule:`
			`interval: weekly`
			`open-pull-requests-limit: 99`
			`allow:`
Exclude dependency updates other than direct dependencies (#14944) 2020-10-06 19:16:30 +02:00			`- dependency-type: direct`
Add Dependabot ignores for stuck updates and those needing manual interventions (#23966) 2023-04-26 17:09:26 +02:00			`ignore:`
			`# This version needs to match Rails major version, so stick to 6.x only`
			`- dependency-name: 'rails-i18n'`
			`versions:`
			`- '7.x'`
			`# This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x`
			`- dependency-name: 'sprockets'`
			`versions:`
			`- '4.x'`
Add GitHub Actions to package-ecosystem (#18603) 2022-06-16 22:07:10 +02:00
			`- package-ecosystem: github-actions`
			`directory: '/'`
			`schedule:`
			`interval: weekly`
			`open-pull-requests-limit: 99`
			`allow:`
			`- dependency-type: direct`
Enable Depependabot on Docker images (#23553) 2023-02-17 08:54:12 +01:00
			`- package-ecosystem: docker`
			`directory: '/'`
			`schedule:`
			`interval: weekly`
			`open-pull-requests-limit: 99`
			`ignore:`
			`- dependency-name: 'moritzheiber/ruby-jemalloc'`
			`update-types:`
			`# only suggest patch releases for ruby and needs to sync with .ruby-version`
			`- 'version-update:semver-minor'`
			`- dependency-name: 'node'`
			`update-types:`
			`# only node minor releases allowed unless .nvmrc major is changed`
			`- 'version-update:semver-major'`