{ "$schema": "http://json-schema.org/draft-04/schema#", "definitions": {}, "id": "https://json.schemastore.org/dependabot.json", "properties": { "version": { "type": "integer", "default": 1, "examples": [1], "minimum": 1, "maximum": 1 }, "update_configs": { "type": "array", "items": { "type": "object", "required": ["package_manager", "directory", "update_schedule"], "properties": { "package_manager": { "type": "string", "enum": [ "javascript", "ruby:bundler", "php:composer", "python", "go:modules", "go:dep", "java:maven", "java:gradle", "dotnet:nuget", "rust:cargo", "elixir:hex", "docker", "terraform", "submodules", "elm", "github_actions" ], "description": "What package manager to use", "examples": ["ruby:bundler"] }, "directory": { "type": "string", "description": "Where to look for package manifests", "examples": ["/app"] }, "update_schedule": { "type": "string", "enum": ["live", "daily", "weekly", "monthly"], "description": "How often to check for updates", "examples": ["live"] }, "target_branch": { "type": "string", "description": "Branch to create pull requests against. By default your repository's default branch is used.", "items": { "type": "string", "description": "branchname", "examples": ["develop"] } }, "default_reviewers": { "type": "array", "description": "Reviewers to set on update pull requests.", "items": { "type": "string", "description": "reviewer github username", "examples": ["github-username"] } }, "default_assignees": { "type": "array", "description": "Assignees to set on update pull requests.", "items": { "type": "string", "description": "assignee github username", "examples": ["github_username_1"] } }, "default_labels": { "type": "array", "description": "Labels to set on update pull requests. By default 'dependencies' is used.", "items": { "type": "string", "examples": ["label-name"] } }, "default_milestone": { "type": "integer", "description": "Milestone to set on dependency update pull requests. Specified using the milestone number - you can find this in the URL when looking at details of a milestone in GitHub." }, "allowed_updates": { "type": "array", "description": "Limit which updates are allowed. By default all direct/top-level dependencies are kept up to date (indirect/sub-dependencies are only updated if they include security fixes).", "items": { "type": "object", "minItems": 1, "properties": { "match": { "type": "object", "properties": { "dependency_name": { "type": "string", "description": "matching on dependency name ", "examples": ["react*"] }, "dependency_type": { "type": "string", "description": "only allow certain updates", "examples": [ "development", "production", "direct", "indirect", "all" ] }, "update_type": { "type": "string", "enum": ["security", "all"], "description": "which updates to do", "default": "security", "examples": ["all"] } } } } } }, "ignored_updates": { "type": "array", "description": "By default no updates are ignored. The version_requirement specifies the versions to ignore. The range format is specific to the package manager (e.g., ^1.0.0 for JS, or ~> 2.0 for Ruby).", "items": { "type": "object", "minItems": 1, "properties": { "match": { "type": "object", "properties": { "dependency_name": { "type": "string", "description": "matching on dependency name ", "examples": ["aws*"] }, "version_requirement": { "type": "string", "description": "The version_requirement specifies the versions to ignore. The range format is specific to the package manager (e.g., ^1.0.0 for JS, or ~> 2.0 for Ruby).", "examples": ["4.x"] } } } } } }, "automerged_updates": { "type": "array", "description": "Automerged updates must be enabled at the account level (from account settings in your dashboard) before they can be configured on a project. Specify which update pull requests should be merged automatically. By default no updates are automerged. For all of the options below Dependabot will wait until all your status checks pass before merging. You can also set working hours for automerging in your dashboard account settings.", "items": { "type": "object", "minItems": 1, "properties": { "match": { "type": "object", "properties": { "dependency_name": { "type": "string", "description": "matching on dependency name ", "examples": ["aws*"] }, "dependency_type": { "type": "string", "enum": ["development", "production", "all"], "examples": ["production*"] }, "update_type": { "type": "string", "enum": [ "security:patch", "semver:patch", "semver:minor", "in_range", "all" ], "examples": ["semver:patch"] } } } } } }, "version_requirement_updates": { "type": "string", "enum": [ "off", "auto", "widen_ranges", "increase_versions", "increase_versions_if_necessary" ], "description": "Specify how Dependabot should update your package manifest (e.g. package.json, Gemfile etc), as opposed to your lockfile. By default, version requirements are increased if it's an app and the range widened if it's a library.", "examples": ["widen_ranges"] }, "commit_message": { "type": "object", "description": "Preferences for the format of Dependabot's commit messages and pull request titles. By default, Dependabot will attempt to detect your commit message preferences and use those.", "properties": { "prefix": { "type": "string", "examples": ["chore"] }, "prefix_development": { "type": "string", "examples": ["fix"] }, "include_scope": { "type": "boolean" } } } } } } }, "required": ["version", "update_configs"], "title": "Dependabot configuration file", "type": "object" }