# open-pull-requests-limit is used to disable automated version updates
# security updates are unaffected. see
# * https://docs.github.com/en/code-security/how-tos/secure-your-supply-chain/secure-your-dependencies/configuring-dependabot-version-updates#disabling-dependabot-version-updates
# * https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#open-pull-requests-limit-
version: 2
updates:
  # Rust dependencies
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 0
    groups:
      security:
        applies-to: "security-updates"
        patterns:
          - "*"

  # Python dependencies
  - package-ecosystem: "pip"
    directory: "/tools"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 0
    groups:
      security:
        applies-to: "security-updates"
        patterns:
          - "*"

  # daemon/web Node.js dependencies
  - package-ecosystem: "npm"
    directory: "/daemon/web"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 0
    groups:
      security:
        applies-to: "security-updates"
        patterns:
          - "*"

  # installer-gui Node.js dependencies
  - package-ecosystem: "npm"
    directory: "/installer-gui"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 0
    groups:
      security:
        applies-to: "security-updates"
        patterns:
          - "*"