CI: setup Dependabot to update non-dev dependencies

We unfortunately need to manually list them as they are still declared as dev dependencies in the package.json, due to the fact that we bundle them.
2025-03-30 15:08:32 +00:00 · 2024-09-11 19:41:57 +02:00 · 2024-09-11 19:41:57 +02:00 · e80d71bdfc
commit e80d71bdfc
parent e454faab0c
1 changed files with 20 additions and 0 deletions
--- a/.github/.dependabot.yml
+++ b/.github/.dependabot.yml
@ -7,3 +7,23 @@ updates:
    allow:
      - dependency-name: "playwright"
    versioning-strategy: increase
+
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    allow:
+      - dependency-name: "@noble*"
+      - dependency-name: "fflate"
+    versioning-strategy: increase
+    groups:
+      # Any packages matching the pattern @noble* where the highest resolvable
+      # version is minor or patch will be grouped together.
+      # Grouping rules apply to version updates only.
+      noble:
+        applies-to: version-updates
+        patterns:
+        - "@noble*"
+        update-types:
+        - "minor"
+        - "patch"