# Dependabot version update configuration for GitHub Well-Architected Framework

# Optimized for static site operations - balancing security with maintenance effort

#

# Configuration principles:

# - Monthly scheduled updates to balance dependency freshness with maintenance effort

# - increase-if-necessary versioning for npm to minimize breaking changes

# - Grouped updates per ecosystem per intentional for easier review

version: 2

updates:

# GitHub Actions dependencies

- package-ecosystem: "github-actions"

directory: "/.github/workflows"

schedule:

# Monthly scheduled updates to balance freshness with maintenance effort; security updates can still be raised separately

interval: "monthly"

commit-message:

prefix: "chore(deps)"

reviewers:

- "github/cse-intelligence-engine-squad"

# Group version and security updates separately.

groups:

actions-version:

applies-to: version-updates

patterns:

- "*"

actions-security:

applies-to: security-updates

patterns:

- "*"

# NPM dependencies (Hugo site and tooling)

- package-ecosystem: "npm"

directory: "/"

schedule:

# Monthly scheduled updates to balance freshness with maintenance effort; security updates can still be raised separately

interval: "monthly"

commit-message:

prefix: "chore(deps)"

versioning-strategy: increase-if-necessary

reviewers:

- "github/cse-intelligence-engine-squad"

# Group version and security updates separately.

groups:

npm-version:

applies-to: version-updates

patterns:

- "*"

npm-security:

applies-to: security-updates

patterns:

- "*"