ci: disable dependabot PR creation

Dependabot does not need to report available updates for vendored dependencies in the downstream repository. Updates to dependencies are synced from the upstream repository when needed. There is also the "Upstream First" requirement, which we follow closely. See-also: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-01-18 02:39:30 +00:00 · 2021-09-01 08:46:09 +02:00 · 2021-09-01 08:46:09 +02:00 · f7a024cf7b
commit f7a024cf7b
parent d446ba408c
1 changed files with 2 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -2,6 +2,8 @@
 version: 2
 updates:
  - package-ecosystem: "gomod"
+    # ODF only: disable PR creation, synced from upstream
+    open-pull-requests-limit: 0
    directory: "/"
    schedule:
      interval: "weekly"