# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  # Maintain dependencies for GitHub Actions
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
  # Maintain dependencies for npm
  - package-ecosystem: "npm" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "eslint"
        versions: ["9.x"]
      # ESM only in 3.x
      - dependency-name: "@thream/socketio-jwt"
        versions: ["3.x"]
      # Puppeteer wasn't building for Node 18, should be able to remove this when we go Node 20
      - dependency-name: "puppeteer"
        versions: ["23.x"]
      # Until we move to Express 5, we need to stick with the types for Express 4
      - dependency-name: "@types/express"
        versions: ["5.x"]
      # ESM only in 5.x
      - dependency-name: "chai"
        versions: ["5.x"]
      # ESM only in 7.x
      - dependency-name: "chai-as-promised"
        versions: ["7.x"]
    # Group all dependencies into one PR for backend.
    # Note: security PRs will still be their own for visibility.
    groups:
      api:
        applies-to: version-updates
        patterns:
          - "*"