version: 2 updates: - package-ecosystem: npm open-pull-requests-limit: 10 directory: '/' schedule: # Going to start with a high interval, and then tone it back interval: daily timezone: America/Los_Angeles time: '15:30' reviewers: - '@getsentry/owners-js-deps' labels: [] # Group dependency updates together in one PR # https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups groups: # The name of the group, it will be used in PR titles and branch babel-dependencies: patterns: - '@babel/*' ignore: # For all packages, ignore all patch updates - dependency-name: '*' update-types: ['version-update:semver-patch'] # Sentry updates should all happen in unison, same as above we ignore # all but one as a reminder. # - dependency-name: "@sentry/react" - dependency-name: '@sentry/node' - dependency-name: '@sentry/utils' - dependency-name: '@sentry/integrations' - dependency-name: '@sentry/rrweb' # We ignore everything that hasn't yet been upgrade, this way we will # only get the _freshest_ of new packages to consider upgrading - dependency-name: '@types/marked' - dependency-name: '@types/react-router' - dependency-name: '@types/react-select' - dependency-name: '@types/reflux' - dependency-name: 'babel-jest' - dependency-name: 'gettext-parser' - dependency-name: 'jest-junit' - dependency-name: 'marked' - dependency-name: 'react-lazyload' - dependency-name: 'react-refresh' - dependency-name: 'react-router' - dependency-name: 'react-select' - dependency-name: 'reflux' - dependency-name: 'sprintf-js' - dependency-name: 'u2f-api' - package-ecosystem: 'docker' directory: 'self-hosted/' schedule: interval: 'daily' reviewers: - '@getsentry/open-source' - '@getsentry/security' # security only updates open-pull-requests-limit: 0