Pac-Man/.github/dependabot.yml

# Dependabot Configuration
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
#
# Strategy:
# - Weekly checks for faster vulnerability detection
# - Separate patch/minor/major updates to prevent blocking
# - Auto-merge patches via GitHub branch protection rules
# - Limit concurrent PRs to avoid spam

version: 2
updates:
  # Cargo workspace (all Rust crates)
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    ignore:
      # Bevy ECS 0.17+ requires API migration
      - dependency-name: "bevy_ecs"
        versions: ["0.17.x", "0.18.x", "0.19.x"]
      # jsonwebtoken 10+ requires crypto backend feature flag
      - dependency-name: "jsonwebtoken"
        versions: ["10.x", "11.x"]
    groups:
      rust-patches:
        applies-to: "version-updates"
        update-types: ["patch"]
      rust-minor:
        applies-to: "version-updates"
        update-types: ["minor"]
      rust-major:
        applies-to: "version-updates"
        update-types: ["major"]
    labels:
      - "dependencies"
      - "rust"

  # Frontend (web/) - Uses bun, but npm ecosystem for Dependabot compatibility
  - package-ecosystem: "npm"
    directory: "/web"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    groups:
      frontend-patches:
        applies-to: "version-updates"
        update-types: ["patch"]
      frontend-minor:
        applies-to: "version-updates"
        update-types: ["minor"]
      frontend-major-framework:
        applies-to: "version-updates"
        update-types: ["major"]
        patterns:
          - "react"
          - "react-dom"
          - "vike"
          - "vite"
      frontend-major-other:
        applies-to: "version-updates"
        update-types: ["major"]
        exclude-patterns:
          - "react"
          - "react-dom"
          - "vike"
          - "vite"
    labels:
      - "dependencies"
      - "frontend"

  # GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 5
    groups:
      github-actions:
        patterns: ["*"]
    labels:
      - "dependencies"
      - "github-actions"