1- # To get started with Dependabot version updates, you'll need to specify which
2- # package ecosystems to update and where the package manifests are located.
3- # Please see the documentation for all configuration options:
4- # https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
1+ # Dependabot is configured to surface only security-driven updates.
2+ # `open-pull-requests-limit: 0` disables routine version- update PRs,
3+ # but security-update PRs (from advisories) are still opened automatically.
4+ # See: https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
55
66version : 2
77updates :
88 - package-ecosystem : " gomod"
99 directory : " /engine"
1010 schedule :
1111 interval : " weekly"
12+ open-pull-requests-limit : 0
1213 ignore :
1314 - dependency-name : " *"
1415 update-types : ["version-update:semver-major"]
@@ -17,6 +18,7 @@ updates:
1718 directory : " /engine"
1819 schedule :
1920 interval : " weekly"
21+ open-pull-requests-limit : 0
2022 ignore :
2123 - dependency-name : " *"
2224 update-types : ["version-update:semver-major"]
@@ -25,6 +27,7 @@ updates:
2527 directory : " /ui/packages/ce"
2628 schedule :
2729 interval : " weekly"
30+ open-pull-requests-limit : 0
2831 ignore :
2932 - dependency-name : " *"
3033 update-types : ["version-update:semver-major"]
@@ -33,6 +36,7 @@ updates:
3336 directory : " /ui"
3437 schedule :
3538 interval : " weekly"
39+ open-pull-requests-limit : 0
3640 ignore :
3741 - dependency-name : " *"
3842 update-types : ["version-update:semver-major"]
@@ -41,6 +45,7 @@ updates:
4145 directory : " /"
4246 schedule :
4347 interval : " weekly"
48+ open-pull-requests-limit : 0
4449 ignore :
4550 - dependency-name : " *"
4651 update-types : ["version-update:semver-major"]
0 commit comments