ci: disable dependabot version updates (#4972)

Flagsmith · Jan 6, 2025 · 94bea60 · 94bea60
1 parent f80c256
commit 94bea60
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,8 +1,13 @@
 # $schema: https://json.schemastore.org/dependabot-2.0.json
 
+
 version: 2
 updates:
   - package-ecosystem: "pip"
+    # we only want security updates from dependabot, so we set the limit to 0
+    # for regular updates. See documentation for further information here:
+    # https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#open-pull-requests-limit-
+    open-pull-requests-limit: 0
     directory: "/api"
     schedule:
       interval: "daily"
@@ -15,6 +20,7 @@ updates:
       - "dependencies"
 
   - package-ecosystem: "npm"
+    open-pull-requests-limit: 0  # only security updates
     directory: "/frontend"
     schedule:
       interval: "daily"
@@ -27,6 +33,7 @@ updates:
       - "dependencies"
 
   - package-ecosystem: "npm"
+    open-pull-requests-limit: 0  # only security updates
     directory: "/docs"
     schedule:
       interval: "daily"