Allow Dependabot to update package.json

As per the industry standard, all version numbers are specified in package.json, so Dependabot is allowed to suggest increases when a new version is released. This is the default. Discussed in https://community.openfoodnetwork.org/t/javascript-dependency-management-with-package-json/2753
dacook · Feb 3, 2023 · 3b49ba4 · 3b49ba4
1 parent 5e689b1
commit 3b49ba4
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -6,10 +6,12 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 10
+    # Only specific requirements are specified in Gemfile, so don't touch it.
     versioning-strategy: lockfile-only
 
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
-    versioning-strategy: lockfile-only
+    # All versions are specified in package.json, so please update them.
+    versioning-strategy: increase