# Dependabot Configuration # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates # # Strategy: # - Weekly checks for faster vulnerability detection # - Separate patch/minor/major updates to prevent blocking # - Auto-merge patches via GitHub branch protection rules # - Limit concurrent PRs to avoid spam version: 2 updates: # Cargo workspace (all Rust crates) - package-ecosystem: "cargo" directory: "/" schedule: interval: "weekly" day: "monday" open-pull-requests-limit: 5 ignore: # Bevy ECS 0.17+ requires API migration - dependency-name: "bevy_ecs" versions: ["0.17.x", "0.18.x", "0.19.x"] # jsonwebtoken 10+ requires crypto backend feature flag - dependency-name: "jsonwebtoken" versions: ["10.x", "11.x"] groups: rust-patches: applies-to: "version-updates" update-types: ["patch"] rust-minor: applies-to: "version-updates" update-types: ["minor"] rust-major: applies-to: "version-updates" update-types: ["major"] labels: - "dependencies" - "rust" # Frontend (web/) - package-ecosystem: "npm" directory: "/web" schedule: interval: "weekly" day: "monday" open-pull-requests-limit: 5 groups: frontend-patches: applies-to: "version-updates" update-types: ["patch"] frontend-minor: applies-to: "version-updates" update-types: ["minor"] frontend-major-framework: applies-to: "version-updates" update-types: ["major"] patterns: - "react" - "react-dom" - "vike" - "vite" frontend-major-other: applies-to: "version-updates" update-types: ["major"] exclude-patterns: - "react" - "react-dom" - "vike" - "vite" labels: - "dependencies" - "frontend" # GitHub Actions - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" day: "monday" open-pull-requests-limit: 5 groups: github-actions: patterns: ["*"] labels: - "dependencies" - "github-actions"