A JSON schema for the Dependabot config.yml files Json Format

version

update_configs update_configs

#	package_manager	directory	update_schedule	target_branch	default_milestone	version_requirement_updates	commit_message.prefix	commit_message.prefix_development	commit_message.include_scope	Actions
{{$index+1}}.	{{row.package_manager}}	{{row.directory}}	{{row.update_schedule}}	{{row.target_branch}}	{{row.default_milestone}}	{{row.version_requirement_updates}}	{{row.commit_message.prefix}}	{{row.commit_message.prefix_development}}	{{row.commit_message.include_scopeSelected.DisplayText}}

package_manager - What package manager to use

directory - Where to look for package manifests

update_schedule - How often to check for updates

target_branch - Branch to create pull requests against. By default your repository's default branch is used.

default_milestone - Milestone to set on dependency update pull requests. Specified using the milestone number - you can find this in the URL when looking at details of a milestone in GitHub.

version_requirement_updates - Specify how Dependabot should update your package manifest (e.g. package.json, Gemfile etc), as opposed to your lockfile. By default, version requirements are increased if it's an app and the range widened if it's a library.

default_reviewers Reviewers to set on update pull requests.

#	Values	Actions
{{$index+1}}.

default_assignees Assignees to set on update pull requests.

#	Values	Actions
{{$index+1}}.

default_labels Labels to set on update pull requests. By default 'dependencies' is used.

#	Values	Actions
{{$index+1}}.

allowed_updates Limit which updates are allowed. By default all direct/top-level dependencies are kept up to date (indirect/sub-dependencies are only updated if they include security fixes).

#	match.dependency_name	match.dependency_type	match.update_type	Actions
{{$index+1}}.

ignored_updates By default no updates are ignored. The version_requirement specifies the versions to ignore. The range format is specific to the package manager (e.g., ^1.0.0 for JS, or ~> 2.0 for Ruby).

#	match.dependency_name	match.version_requirement	Actions
{{$index+1}}.

automerged_updates Automerged updates must be enabled at the account level (from account settings in your dashboard) before they can be configured on a project. Specify which update pull requests should be merged automatically. By default no updates are automerged. For all of the options below Dependabot will wait until all your status checks pass before merging. You can also set working hours for automerging in your dashboard account settings.

#	match.dependency_name	match.dependency_type	match.update_type	Actions
{{$index+1}}.

.commit_message

_update_configs

commit_message.prefix

commit_message.prefix_development

commit_message.include_scope

ToolMatter

Your Apps in Action

Use this form to visualize A JSON schema for the Dependabot config.yml files.

{{repoTitle.MainEntity}}

update_configs update_configs

{{repoTitle.MainEntity}}

default_reviewers Reviewers to set on update pull requests.

default_assignees Assignees to set on update pull requests.

default_labels Labels to set on update pull requests. By default 'dependencies' is used.

allowed_updates Limit which updates are allowed. By default all direct/top-level dependencies are kept up to date (indirect/sub-dependencies are only updated if they include security fixes).

ignored_updates By default no updates are ignored. The version_requirement specifies the versions to ignore. The range format is specific to the package manager (e.g., ^1.0.0 for JS, or ~> 2.0 for Ruby).

_update_configs

{{repoTitle.MainEntity}}

_allowed_updates

{{repoTitle.MainEntity}}

_ignored_updates

{{repoTitle.MainEntity}}

_automerged_updates