dependabot.yml

version: 2
updates:

  - package-ecosystem: "composer"
    directory: "/"
    schedule:
      interval: "weekly"
    # Increase the version requirements for Composer
    # only when required
    versioning-strategy: increase
    # All explicitly defined dependencies.
    allow:
      - dependency-type: "direct"
    open-pull-requests-limit: 10

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    # Increase the version requirements for Composer
    # only when required
    versioning-strategy: increase
    # All explicitly defined dependencies.
    allow:
      - dependency-type: "direct"
    open-pull-requests-limit: 10
    groups:
      wordpress-packages:
        patterns:
          - "@wordpress/*"

  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: weekly
    open-pull-requests-limit: 10

# maybe interesting later
# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#composer-repository