InsightLearn_WASM/.github/dependabot.yml at main · marypas74/InsightLearn_WASM · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# GitHub Dependabot configuration
# Documentation: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

version: 2
updates:
  # NuGet package updates for .NET projects
  - package-ecosystem: "nuget"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "03:00"
    open-pull-requests-limit: 10

    # Ignore packages that are part of .NET framework (false positive alerts)
    ignore:
      # System.Net.Http 4.3.x is deprecated - .NET 8 uses framework version
      # GitHub alerts for this are FALSE POSITIVE (runtime uses framework, not NuGet package)
      - dependency-name: "System.Net.Http"
        versions: ["4.3.0", "4.3.1", "4.3.2", "4.3.3", "4.3.4"]
        update-types: ["version-update:semver-patch", "version-update:semver-minor"]

      # System.Text.RegularExpressions 4.3.x is deprecated - .NET 8 uses framework version
      # GitHub alerts for this are FALSE POSITIVE (runtime uses framework, not NuGet package)
      - dependency-name: "System.Text.RegularExpressions"
        versions: ["4.3.0", "4.3.1"]
        update-types: ["version-update:semver-patch", "version-update:semver-minor"]

      # runtime.native.System.Net.Http is a transitive dependency, cannot be upgraded
      - dependency-name: "runtime.native.System.Net.Http"
        versions: ["4.3.0"]

    # Group related updates together
    groups:
      dotnet-framework:
        patterns:
          - "Microsoft.AspNetCore.*"
          - "Microsoft.EntityFrameworkCore.*"
          - "Microsoft.Extensions.*"

      testing:
        patterns:
          - "xunit*"
          - "coverlet.*"
          - "FluentAssertions"
          - "Moq"

      security:
        patterns:
          - "System.Text.Json"
          - "System.IdentityModel.Tokens.Jwt"
          - "Azure.Identity"

    # Auto-merge for patch and minor updates (optional, can be enabled later)
    # versioning-strategy: "increase"

    labels:
      - "dependencies"
      - "nuget"
      - "automated"