From 6ea442051f7284a06ae33a1ae57b42493f0d4c25 Mon Sep 17 00:00:00 2001 From: Anton Gilgur <4970083+agilgur5@users.noreply.github.com> Date: Wed, 1 May 2024 22:26:47 -0400 Subject: [PATCH] ci(deps): group Dependabot updates by devDeps vs prod deps (#12890) Signed-off-by: Anton Gilgur --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 63fa02f04e92..9a585539bd12 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -23,6 +23,14 @@ updates: schedule: interval: "weekly" day: "saturday" + # split devDeps and prod deps as typically only prod deps need security backports + groups: + devDeps: + applies-to: security-updates + dependency-type: "development" + deps: + applies-to: security-updates + dependency-type: "production" ignore: - dependency-name: raw-loader - dependency-name: style-loader