# Basic `dependabot.yml` file with
# minimum configuration for three package managers
version: 2
updates:
  # Enable version updates for npm
  - package-ecosystem: "npm"
    # Look for `package.json` and `lock` files in the `root` directory
    directory: "/"
    # Check the npm registry for updates every day (weekdays)
    schedule:
      interval: "weekly"
      day: "saturday"
      time: "06:00"
      timezone: "Asia/Ho_Chi_Minh"  # GMT+7 (Hanoi/Vietnam timezone)

    # Only minor and patch updates
    ignore:
      - dependency-name: "*"
        update-types: [ "version-update:semver-major" ]

    # Group npm updates by dependency type
    groups:
      prod-dependencies:
        dependency-type: "production"
        update-types:
          - "minor"
          - "patch"
      dev-dependencies:
        dependency-type: "development"
        update-types:
          - "minor"
          - "patch"