diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a4344a75..6defd51a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -6,6 +6,10 @@ version: 2 # supply-chain risk from fresh or compromised releases. Cooldown does not apply # to security updates, so enabling Dependabot security updates in the repository # settings still lands those immediately. +# +# Every ecosystem below sets `patterns: ["*"]` to take in all of its +# dependencies. Dependabot requires `patterns` on each entry that joins a +# multi-ecosystem group, and rejects the whole file without it. multi-ecosystem-groups: dev-tooling: schedule: @@ -15,6 +19,7 @@ updates: # npm devDependencies: prek, Prettier, Bats. - package-ecosystem: npm directory: "/" + patterns: ["*"] multi-ecosystem-group: dev-tooling cooldown: default-days: 30 @@ -22,6 +27,7 @@ updates: # GitHub Actions used by the CI workflows. - package-ecosystem: github-actions directory: "/" + patterns: ["*"] multi-ecosystem-group: dev-tooling cooldown: default-days: 30 @@ -30,6 +36,7 @@ updates: # pre-commit-hooks). prek reads the same config format Dependabot updates. - package-ecosystem: pre-commit directory: "/" + patterns: ["*"] multi-ecosystem-group: dev-tooling cooldown: default-days: 30