# Dependabot configuration for automated dependency updates and security alerts

# See: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2

updates:

# Python dependencies

- package-ecosystem: "pip"

directory: "/"

schedule:

interval: "weekly"

open-pull-requests-limit: 5

labels:

- "dependencies"

- "python"

commit-message:

prefix: "chore(deps)"

groups:

all-minor-patch:

patterns: ["*"]

update-types: ["minor", "patch"]

# JavaScript/Node dependencies

# Note: This project uses pnpm, but Dependabot uses "npm" ecosystem

# which automatically detects and reads pnpm-lock.yaml

- package-ecosystem: "npm"

directory: "/js"

schedule:

interval: "weekly"

open-pull-requests-limit: 5

labels:

- "dependencies"

- "javascript"

commit-message:

prefix: "chore(deps)"

ignore:

# Pinned: breaking layout changes in v2

- dependency-name: "@dagrejs/dagre"

# Pinned: breaking API changes in v2

- dependency-name: "html2canvas-pro"

groups:

all-minor-patch:

patterns: ["*"]

update-types: ["minor", "patch"]