From 5be9adca517e0dbd0db75cca3aad981809b25d21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Wieczorek?= <pawiecz@collabora.com>
Date: Thu, 2 Apr 2026 18:42:14 +0200
Subject: [PATCH] dependabot: Group security updates by NPM manifest

---
 .github/dependabot.yml | 58 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index cb8843b..89f2cea 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,4 +9,60 @@ updates:
   - package-ecosystem: "docker"
     directory: "/"
     schedule:
-      interval: "weekly"
\ No newline at end of file
+      interval: "weekly"
+
+  # Enable version updates for npm
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+    groups:
+      prod-security:
+        dependency-type: 'production'
+        applies-to: 'security-updates'
+        patterns:
+          - '*'
+
+  - package-ecosystem: 'npm'
+    directory: '/db'
+    schedule:
+      interval: 'weekly'
+    groups:
+      prod-security:
+        dependency-type: 'production'
+        applies-to: 'security-updates'
+        patterns:
+          - '*'
+
+  - package-ecosystem: 'npm'
+    directory: '/migrator'
+    schedule:
+      interval: 'weekly'
+    groups:
+      prod-security:
+        dependency-type: 'production'
+        applies-to: 'security-updates'
+        patterns:
+          - '*'
+
+  - package-ecosystem: 'npm'
+    directory: '/server'
+    schedule:
+      interval: 'weekly'
+    groups:
+      prod-security:
+        dependency-type: 'production'
+        applies-to: 'security-updates'
+        patterns:
+          - '*'
+
+  - package-ecosystem: 'npm'
+    directory: '/client'
+    schedule:
+      interval: 'weekly'
+    groups:
+      prod-security:
+        dependency-type: 'production'
+        applies-to: 'security-updates'
+        patterns:
+          - '*'