# LAB ONLY
# 用途: 依赖告警与升级建议，用于研究仓库和测试资产
# 目标范围: 自有代码仓、自有测试项目
# 风险: 可能产生大量升级 PR，需要人工分流
# 不适用: 未经评估直接套到生产阻断流程
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
      time: "04:00"
    open-pull-requests-limit: 10
    labels:
      - "security"
      - "dependencies"
      - "lab-review"
    groups:
      frontend-runtime:
        patterns:
          - "react*"
          - "next"
          - "vue*"
          - "nuxt*"
          - "vite*"
      http-clients:
        patterns:
          - "axios"
          - "undici"
          - "node-fetch*"
  - package-ecosystem: "docker"
    directory: "/00-environments"
    schedule:
      interval: "weekly"
      day: "wednesday"
      time: "04:30"