openpgpjs/.github/dependabot.yml

version: 2
updates:
  - package-ecosystem: "npm"
    # The redundant target-branch directive is needed to set two different update schedules for npm,
    # working around a dependabot limitation:
    # see https://github.com/dependabot/dependabot-core/issues/1778#issuecomment-1988140219 .
    target-branch: main
    directory: "/"
    schedule:
      interval: "daily"
    allow:
      - dependency-name: "playwright"
      - dependency-name: "@noble*"
      - dependency-name: "fflate"
    versioning-strategy: increase
    cooldown: # consider updates only X days after release
      semver-major-days: 7
      semver-minor-days: 1
      semver-patch-days: 1
      include:
        - "*"
    groups:
      # Any packages matching the pattern @noble* where the highest resolvable
      # version is minor or patch will be grouped together.
      # Grouping rules apply to version updates only.
      noble:
        applies-to: version-updates
        patterns:
        - "@noble*"
        update-types:
        - "minor"
        - "patch"
  # update other dependencies separately on a monthly basis
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "monthly"
    ignore: # targeted by other schedule above
      - dependency-name: "playwright"
      - dependency-name: "@noble*"
      - dependency-name: "fflate"
    versioning-strategy: increase
    cooldown: # consider updates only X days after release
      semver-major-days: 30
      semver-minor-days: 3
      semver-patch-days: 3
      include:
        - "*"
    groups:
      dev-dependencies:
        applies-to: version-updates
        patterns:
          - "*"
        update-types: # major updates will trigger non-grouped MRs
          - "minor"
          - "patch"

  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    commit-message:
      prefix: "CI"