dependency-review-action/.github/dependabot.yml

version: 2
updates:
  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly

  - package-ecosystem: npm
    directory: /
    schedule:
      interval: weekly
    ignore:
      - dependency-name: '@types/node'
        update-types: ['version-update:semver-major']
    groups:
      minor-updates:
        update-types:
          - 'minor'
          - 'patch'
        exclude-patterns:
          - '*spdx*'
      # Pull out any updates to spdx definitions and parsing as a priority PR
      spdx-licenses:
        patterns:
          - '*spdx*'