mastodon/.github/dependabot.yml

116 lines
4 KiB
YAML
Raw Normal View History

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: npm
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
allow:
- dependency-type: direct
ignore:
# This version needs to match Rails major version, so stick to 6.x only
- dependency-name: '@rails/ujs'
versions:
- '>= 7'
# TODO: This requires code changes for migration
- dependency-name: 'tesseract.js'
versions:
- '>= 3'
# TODO: This version needs manual updates for breaking changes
- dependency-name: 'react-hotkeys'
versions:
- '>= 2'
# TODO: This version has breaking changes
- dependency-name: 'intl-messageformat'
versions:
- '>= 3'
# TODO: This version has breaking changes
- dependency-name: 'react-intl'
versions:
- '>= 3'
# TODO: This version has breaking changes
- dependency-name: 'babel-plugin-react-intl'
versions:
- '>= 7'
# TODO: This version requires code changes
- dependency-name: 'webpack-dev-server'
versions:
- '>= 4'
# TODO: This version requires code changes https://github.com/reduxjs/react-redux/releases/tag/v8.0.0
- dependency-name: 'react-redux'
versions:
- '>= 4'
# TODO: This version was ignored in https://github.com/mastodon/mastodon/pull/15238
- dependency-name: 'webpack-cli'
versions:
- '>= 4'
- package-ecosystem: bundler
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
allow:
- dependency-type: direct
ignore:
# This version needs to match Rails major version, so stick to 6.x only
- dependency-name: 'rails-i18n'
versions:
- '>= 7.0.0'
# This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
- dependency-name: 'sprockets'
versions:
- '>= 4.0.0'
# This version needs manual updates https://github.com/rails/sprockets/blob/master/UPGRADING.md#guide-to-upgrading-from-sprockets-3x-to-4x
- dependency-name: 'strong_migrations'
versions:
- '>= 1.0.0'
# This version needs updates and to sync with sidekiq-unique-jobs
- dependency-name: 'sidekiq'
versions:
- '>= 7.0.0'
# This version needs updates and to sync with sidekiq
- dependency-name: 'sidekiq-unique-jobs'
versions:
- '>= 8.0.0'
# This version needs updates and to sync with sidekiq and sidekiq-unique-jobs
- dependency-name: 'redis'
versions:
- '>= 5.0.0'
# TODO: was ignored in https://github.com/mastodon/mastodon/pull/13964
- dependency-name: 'fog-openstack'
versions:
- '>= 1.0.0'
# sassc dependency issue tracked in https://github.com/BetterErrors/better_errors/issues/516
- dependency-name: 'better_errors'
versions:
- '2.10.0'
- package-ecosystem: github-actions
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
allow:
- dependency-type: direct
- package-ecosystem: docker
directory: '/'
schedule:
interval: weekly
open-pull-requests-limit: 99
ignore:
- dependency-name: 'moritzheiber/ruby-jemalloc'
update-types:
# only suggest patch releases for ruby and needs to sync with .ruby-version
- 'version-update:semver-minor'
- dependency-name: 'node'
update-types:
# only node minor releases allowed unless .nvmrc major is changed
- 'version-update:semver-major'