dependencies.yml file at the root of your repo tells us what you want to
happen. You can specify the types of dependencies that you have, where they're
located, and any additional settings to tweak the behavior to match your
workflow and tooling.
Important: Be sure to include
version: 2at the top of your configuration
version: 2 dependencies: - type: js # looks at the root of your repo by default - type: python path: requirements.txt
version: 2 dependencies: - type: python # where to find the dependency file(s) path: requirements.txt settings: github_labels: - dependencies lockfile_updates: enabled: true # `true` by default manifest_updates: enabled: true # `true` by default filters: # apply major, minor, and patch updates to manifests (this is the default behavior) - name: ".*" versions: Y.Y.Y - type: js # directory with package.json, yarn.lock, etc. path: app settings: constraint_prefix: '^' # always prepend ^ when updating package.json manifest_updates: # a dependency will apply updates according to the first filter that it matches filters: - name: ".*react.*" enabled: false - name: ".*" versions: "L.Y.Y"
You can read more about filtering updates here.