require-dependabot-version
Rule catalog ID: R070
Targeted pattern scope
Repository Dependabot configuration files at .github/dependabot.yml or .github/dependabot.yaml.
What this rule reports
This rule reports Dependabot configuration files that omit the top-level version key or set it to anything other than 2.
Why this rule exists
Dependabot configuration files must use schema version 2. Omitting the key or using a different value makes the file invalid and prevents Dependabot from interpreting later settings reliably.
Incorrect
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"

version: 1
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
Correct
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
Behavior and migration notes
The autofixer inserts version: 2 when the top-level key is missing and rewrites any other version value to 2. That fix is safe because Dependabot configuration currently requires schema version 2.
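A standalone sketch of the check and fix described above, as an added example that is not the plugin's own code. The function name, the line-based matching, the insertion position, and treating only the plain scalar 2 as valid are assumptions of this sketch; the sample inputs are constructed.

```javascript
// Added example: a line-based approximation, not the plugin's implementation.
// Constructed sample inputs modeled on the examples on this page.
const MISSING = 'updates:\n  - package-ecosystem: "npm"\n    directory: "/"\n';
const WRONG = "version: 1 # legacy\nupdates: []\n";
const GOOD = "# deps\nversion: 2\nupdates: []\n";

// A top-level key starts in column 0; capture its value and any trailing comment.
const VERSION_LINE = /^version[ \t]*:[ \t]*(.*?)[ \t]*(#.*)?$/;

// Hypothetical helper: reports the problem and returns the fixed file text.
// Line endings are normalized to "\n" in the fixed output.
function checkDependabotVersion(text) {
  const lines = text.split(/\r?\n/);
  const idx = lines.findIndex((line) => VERSION_LINE.test(line));
  if (idx === -1) {
    // Assumption: insert before the first line that is not blank, a comment or `---`.
    let at = lines.findIndex(
      (l) => l.trim() !== "" && !/^\s*#/.test(l) && l.trim() !== "---"
    );
    if (at === -1) at = lines.length;
    lines.splice(at, 0, "version: 2");
    return { ok: false, problem: "missing", fixed: lines.join("\n") };
  }
  const [, value, comment] = lines[idx].match(VERSION_LINE);
  // Assumption: only the unquoted scalar 2 counts as valid here.
  if (value === "2") return { ok: true, problem: null, fixed: text };
  lines[idx] = comment ? `version: 2 ${comment}` : "version: 2";
  const problem = `unexpected value ${value || "(empty)"}`;
  return { ok: false, problem, fixed: lines.join("\n") };
}
```

Because only column-0 keys are matched, a nested `version` key inside an update block is ignored and the file is still reported as missing the top-level key.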
Additional examples
This rule pairs well with require-dependabot-updates so the file always declares both the schema version and at least one update block.
ESLint flat config example
import githubActions from "eslint-plugin-github-actions-2";
export default [githubActions.configs.dependabot];
When not to use it
Disable this rule only if you do not lint Dependabot configuration files with this plugin.