From 6e88e4b796430ac67a429a1d5222440bae8c45e6 Mon Sep 17 00:00:00 2001 From: Christopher Fuka <97121270+CryptoFewka@users.noreply.github.com> Date: Fri, 24 Oct 2025 08:48:37 -0500 Subject: [PATCH] Refactor dependabot configuration for npm updates --- .github/dependabot.yml | 50 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 43 insertions(+), 7 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 578f8897..67371e82 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,14 +1,50 @@ version: 2 updates: - package-ecosystem: "npm" - directory: "/" + directories: + - "/" + + # VERSION UPDATES (scheduled) schedule: interval: "daily" commit-message: prefix: "chore(deps): " - labels: - - "dependencies" - allow: - - dependency-name: "@zetachain/networks" - - dependency-name: "@zetachain/protocol-contracts" - - dependency-name: "@zetachain/addresses" + labels: ["dependencies"] + open-pull-requests-limit: 2 # limits *version* PRs; security PRs ignore this + + groups: + # 1) ZetaChain packages together + zetachain-version: + patterns: + - "@zetachain/networks" + - "@zetachain/protocol-contracts" + - "@zetachain/addresses" + + # 2) Everything else in one PR (exclude ZetaChain deps to avoid overlap) + everything-else-version: + patterns: + - "*" + exclude-patterns: + - "@zetachain/networks" + - "@zetachain/protocol-contracts" + - "@zetachain/addresses" + update-types: + - "minor" + - "patch" + + # SECURITY UPDATES (event-driven; schedule is ignored) + zetachain-security: + applies-to: security-updates + patterns: + - "@zetachain/networks" + - "@zetachain/protocol-contracts" + - "@zetachain/addresses" + + everything-else-security: + applies-to: security-updates + patterns: + - "*" + exclude-patterns: + - "@zetachain/networks" + - "@zetachain/protocol-contracts" + - "@zetachain/addresses"