From ff4460c3d736167fb47370933fb98b5f68b80e95 Mon Sep 17 00:00:00 2001 From: Justin Mayer Date: Tue, 1 Jul 2025 09:31:01 +0200 Subject: [PATCH] Limit Dependabot scope to GitHub Actions only Sometimes we intentionally pin specific package versions -- such as for Pygments, Jinja2, and Markdown -- and thus automated Dependabot PRs for those packages are spurious and unwanted. --- .github/dependabot.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a0a90b94..4fed5330 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,13 +1,8 @@ # See https://docs.github.com/en/free-pro-team@latest/ # github/administering-a-repository/enabling-and-disabling-version-updates - +--- version: 2 updates: - - package-ecosystem: "pip" - directory: "/" - schedule: - interval: "monthly" - open-pull-requests-limit: 10 - package-ecosystem: "github-actions" directory: "/" schedule: