From 46e2196da6540baa0ad1b5b9f11ae499a35d822f Mon Sep 17 00:00:00 2001 From: Valentin Knabel Date: Mon, 16 Mar 2026 12:28:01 +0100 Subject: [PATCH 1/6] chore(ci): configure dependabot --- .github/dependabot.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c7be0775..bdde7b5d 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -9,3 +9,16 @@ updates: directory: "/" # Location of package manifests schedule: interval: "weekly" + groups: + docusaurus-dependencies: # docusaurus and critical updates + patterns: + - "@docusaurus*" + - "docusaurus-*" + - "react*" + - "@scalar/api-reference-react" + other-dependencies: + exclude-patterns: + - "@docusaurus*" + - "docusaurus-*" + - "react*" + - "@scalar/api-reference-react" From 23e26a8cc8d8eec51c6d2f3cf0dd88b92f280cc1 Mon Sep 17 00:00:00 2001 From: Valentin Knabel Date: Mon, 16 Mar 2026 12:39:28 +0100 Subject: [PATCH 2/6] chore(ci): configure github-action updates --- .github/dependabot.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index bdde7b5d..9ab3bdad 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -22,3 +22,12 @@ updates: - "docusaurus-*" - "react*" - "@scalar/api-reference-react" + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "monthly" + groups: + actions: + patterns: + - "*" From f3df9aef7ecfd7aef485164bc6c7ef6d754fcdef Mon Sep 17 00:00:00 2001 From: Valentin Knabel Date: Mon, 16 Mar 2026 14:06:22 +0100 Subject: [PATCH 3/6] chore(ci): keep majors separate --- .github/dependabot.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9ab3bdad..0f292975 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,11 +17,16 @@ updates: - "react*" - "@scalar/api-reference-react" other-dependencies: + patterns: + - "*" exclude-patterns: - "@docusaurus*" - "docusaurus-*" - "react*" - "@scalar/api-reference-react" + update-types: + - minor + - patch - package-ecosystem: "github-actions" directory: "/" From 6f672b106170de174e3bdf6717c1f686fe95adb3 Mon Sep 17 00:00:00 2001 From: Valentin Knabel Date: Mon, 16 Mar 2026 14:14:37 +0100 Subject: [PATCH 4/6] chore(ci): explicitly group security fixes --- .github/dependabot.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 0f292975..288a899e 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,18 +5,32 @@ version: 2 updates: + - package-ecosystem: "bun" + open-pull-requests-limit: 0 # limit does not apply for security PRs + directory: "/" + schedule: + interval: daily + groups: + security: + applies-to: security-updates + patterns: + - "*" + - package-ecosystem: "bun" # See documentation for possible values directory: "/" # Location of package manifests schedule: interval: "weekly" groups: docusaurus-dependencies: # docusaurus and critical updates + applies-to: version-updates patterns: - "@docusaurus*" - "docusaurus-*" - "react*" - "@scalar/api-reference-react" + other-dependencies: + applies-to: version-updates patterns: - "*" exclude-patterns: From 8f7b84dae9dac2c28ac77f77d193c69ebd200d8a Mon Sep 17 00:00:00 2001 From: Valentin Knabel Date: Mon, 16 Mar 2026 14:27:12 +0100 Subject: [PATCH 5/6] chore(ci): security updates get triage --- .github/dependabot.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 288a899e..73347908 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,22 +6,20 @@ version: 2 updates: - package-ecosystem: "bun" - open-pull-requests-limit: 0 # limit does not apply for security PRs directory: "/" schedule: - interval: daily + interval: "weekly" groups: security: applies-to: security-updates patterns: - "*" + labels: + - dependencies + - javascript + - triage - - package-ecosystem: "bun" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "weekly" - groups: - docusaurus-dependencies: # docusaurus and critical updates + docusaurus-dependencies: applies-to: version-updates patterns: - "@docusaurus*" @@ -47,6 +45,15 @@ updates: schedule: interval: "monthly" groups: + security: + applies-to: security-updates + patterns: + - "*" + labels: + - dependencies + - triage + actions: + applies-to: version-updates patterns: - "*" From 6c148b0fe730c280ab4dead1ad7afa5ebeebda7f Mon Sep 17 00:00:00 2001 From: Valentin Knabel Date: Mon, 16 Mar 2026 14:30:25 +0100 Subject: [PATCH 6/6] chore(ci): nahhhh, labels are not allowed in groups --- .github/dependabot.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 73347908..205d928b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,10 +14,6 @@ updates: applies-to: security-updates patterns: - "*" - labels: - - dependencies - - javascript - - triage docusaurus-dependencies: applies-to: version-updates @@ -49,9 +45,6 @@ updates: applies-to: security-updates patterns: - "*" - labels: - - dependencies - - triage actions: applies-to: version-updates