Add new, disabled dependabot ignore directives

Add the Actions that are used in the CodeQL workflow as commented out dependencies to ignore in the dependabot configuration. These will be un-commented in downstream repositories so that only cisagov/skeleton-python-library will have dependabot PRs created for these dependencies.
cisagov · Dec 19, 2023 · 63ce462 · 63ce462
1 parent a9e6af1
commit 63ce462
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -22,6 +22,9 @@ updates:
       # # Managed by cisagov/skeleton-python-library
       # - dependency-name: actions/download-artifact
       # - dependency-name: actions/upload-artifact
+      # - dependency-name: github/codeql-action/analyze
+      # - dependency-name: github/codeql-action/autobuild
+      # - dependency-name: github/codeql-action/init
     package-ecosystem: github-actions
     schedule:
       interval: weekly