From 3b49ba4de1e3ea9ca91d75c73fc3a63cad2d0153 Mon Sep 17 00:00:00 2001
From: David Cook <david@redcliffs.net>
Date: Fri, 3 Feb 2023 14:48:18 +1100
Subject: [PATCH] Allow Dependabot to update package.json

As per the industry standard, all version numbers are specified in package.json, so Dependabot is allowed to suggest increases when a new version is released. This is the default.

Discussed in https://community.openfoodnetwork.org/t/javascript-dependency-management-with-package-json/2753
---
 .github/dependabot.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 09b0fa22e3..3cf3963ad1 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,10 +6,12 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 10
+    # Only specific requirements are specified in Gemfile, so don't touch it.
     versioning-strategy: lockfile-only
 
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
-    versioning-strategy: lockfile-only
+    # All versions are specified in package.json, so please update them.
+    versioning-strategy: increase