chore(deps): restrict dependabot to security-only updates #290

Merged
viraatc merged 1 commit into main from fix/viraatc-dependabot-fix2
Apr 22, 2026

@viraatc (Collaborator) commented Apr 21, 2026

Summary

  • Set open-pull-requests-limit: 0 on all three dependabot ecosystems (pip, github-actions, docker)
  • Per Dependabot docs, a limit of 0 disables version-update PRs; security-advisory-driven PRs ignore this limit and continue to flow

Test plan

  • Confirm no new version-bump PRs are opened on the next Monday schedule
  • Confirm security advisories still produce PRs (verify against a known advisory or wait for next one)

🤖 Generated with Claude Code

Set open-pull-requests-limit: 0 on all three ecosystems. Per Dependabot
docs, this disables version-update PRs while leaving security-advisory
PRs unaffected.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
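
The configuration shape the summary and commit message describe, as an added illustration. It is not the repository's actual .github/dependabot.yml. The directory values and the weekly Monday schedule are assumptions; the test plan only mentions a "next Monday schedule".

```yaml
# Illustrative .github/dependabot.yml (added example, not the project's file).
# Assumed values: every "directory" entry and the weekly/monday schedule.
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"              # assumed location of the Python manifests
    schedule:
      interval: "weekly"
      day: "monday"
    # 0 turns off version-update PRs for this ecosystem.
    # Security-advisory PRs are not subject to this limit.
    open-pull-requests-limit: 0

  - package-ecosystem: "github-actions"
    directory: "/"              # assumed; workflows live under .github/workflows
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 0

  - package-ecosystem: "docker"
    directory: "/"              # assumed location of the Dockerfile
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 0
```

Security-advisory PRs only appear if Dependabot security updates are enabled in the repository's settings. That switch lives outside this file, so with it off a limit of 0 yields no Dependabot PRs at all.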
@viraatc viraatc requested review from a team and Copilot April 21, 2026 19:58
@github-actions

MLCommons CLA bot All contributors have signed the MLCommons CLA ✍️ ✅

Copilot AI left a comment

Pull request overview

This PR updates the repository’s Dependabot configuration to effectively disable scheduled “version update” PRs while still allowing security-advisory-driven Dependabot PRs to be created.

Changes:

  • Set open-pull-requests-limit: 0 for the pip ecosystem updates.
  • Set open-pull-requests-limit: 0 for the github-actions ecosystem updates.
  • Set open-pull-requests-limit: 0 for the docker ecosystem updates.

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request updates the .github/dependabot.yml configuration to set the open-pull-requests-limit to 0 for the npm, github-actions, and docker ecosystems, effectively disabling the creation of new pull requests by Dependabot. I have no feedback to provide.

@arekay-nv (Collaborator) left a comment

Thanks!

@viraatc viraatc merged commit c980656 into main Apr 22, 2026
12 checks passed
@viraatc viraatc deleted the fix/viraatc-dependabot-fix2 branch April 22, 2026 19:07
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 22, 2026