# configure dependabot automatic dependency upgrades (PRs)
#
# @see https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "monthly"
      day: "monday"
      time: "09:00"
      timezone: "Europe/Berlin"
    reviewers: # Automatically assign reviewer
      - "bpmn-io/modeling-dev"
    commit-message:
      prefix: "deps:"
    versioning-strategy: "increase-if-necessary"
    # Disable version updates unless they are for security reasons.
    open-pull-requests-limit: 0