chore: Modified dependabot to only use security updates

dodevops · Dec 29, 2023 · e770f46 · e770f46
1 parent ed01003
commit e770f46
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,4 +1,6 @@
 # Set update schedule for GitHub Actions
+# open-pull-requests-limit is set to 0 because we only want security updates and those override this limit
+# see https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates#overriding-the-default-behavior-with-a-configuration-file
 version: 2
 updates:
     - package-ecosystem: "gomod"
@@ -7,13 +9,16 @@ updates:
           interval: "daily"
       allow:
           - dependency-type: "direct"
+      open-pull-requests-limit: 0
     - package-ecosystem: "npm"
       directory: "/ccc-client"
       schedule:
           interval: "daily"
       allow:
           - dependency-type: "direct"
+      open-pull-requests-limit: 0
     - package-ecosystem: "github-actions"
       directory: "/"
       schedule:
           interval: "weekly"
+      open-pull-requests-limit: 0