mastodon/.github/dependabot.yml

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: npm
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct
    ignore:
      # This version needs to match Rails major version, so stick to 6.x only
      - dependency-name: '@rails/ujs'
        versions:
          - '>= 7'
      # TODO: This requires code changes for migration
      - dependency-name: 'tesseract.js'
        versions:
          - '>= 3'
      # TODO: This version needs manual updates for breaking changes
      - dependency-name: 'react-hotkeys'
        versions:
          - '>= 2'
      # TODO: This version requires code changes
      - dependency-name: 'webpack-dev-server'
        versions:
          - '>= 4'
      # TODO: This version was ignored in https://github.com/mastodon/mastodon/pull/15238
      - dependency-name: 'webpack-cli'
        versions:
          - '>= 4'

  - package-ecosystem: bundler
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct
    ignore:
      # This version needs to match Rails major version, so stick to 6.x only
      - dependency-name: 'rails-i18n'
        versions:
          - '>= 7.0.0'
      # This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
      - dependency-name: 'sprockets'
        versions:
          - '>= 4.0.0'
      # This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
      - dependency-name: 'strong_migrations'
        versions:
          - '>= 1.0.0'
      # This version needs updates and to sync with sidekiq-unique-jobs
      - dependency-name: 'sidekiq'
        versions:
          - '>= 7.0.0'
      # This version needs updates and to sync with sidekiq
      - dependency-name: 'sidekiq-unique-jobs'
        versions:
          - '>= 8.0.0'
      # This version needs updates and to sync with sidekiq and sidekiq-unique-jobs
      - dependency-name: 'redis'
        versions:
          - '>= 5.0.0'
      # TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964
      - dependency-name: 'fog-openstack'
        versions:
          - '>= 1.0.0'
      # sassc dependency issue tracked in https://github.com/BetterErrors/better_errors/issues/516
      - dependency-name: 'better_errors'
        versions:
          - '2.10.0'

  - package-ecosystem: github-actions
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    allow:
      - dependency-type: direct

  - package-ecosystem: docker
    directory: '/'
    schedule:
      interval: weekly
    open-pull-requests-limit: 99
    ignore:
      - dependency-name: 'moritzheiber/ruby-jemalloc'
        update-types:
          # only suggest patch releases for ruby and needs to sync with .ruby-version
          - 'version-update:semver-minor'
      - dependency-name: 'node'
        update-types:
          # only node minor releases allowed unless .nvmrc major is changed
          - 'version-update:semver-major'