version: 2
updates:
  # Enable version updates for npm
  - package-ecosystem: npm
    # Look for `package.json` and `lock` files in the `root` directory
    directory: /
    schedule:
      interval: yearly
    # https://stackoverflow.com/questions/64047526/how-to-get-dependabot-to-trigger-for-security-updates-only
    open-pull-requests-limit: 0
    labels:
      - dependencies
      - security