Dependabot is sometimes enabled on forks #21343
Comments
This one is really annoying... As the upstream issues have been open for a long time already, I guess this will not be fixed any time soon. 😒
Unfortunately, it seems to be the only way to get rid of those PRs. I'm not sure why it opened eworm-de#4 and eworm-de#5 though. Both those updates were blocked in #21505 and #21574.
I'm not sure if it helps, but all those PRs are also auto-closed once forks get updated, so in principle, if PRs like eworm-de#4 were blocked explicitly by using something like https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#ignore in the systemd repository, most forks updated at least once a week would never get Dependabot PRs.
Judging by https://github.blog/changelog/2022-11-07-dependabot-pull-requests-off-by-default-for-forks/ it was fixed |
According to https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-dependabot-version-updates#enabling-version-updates-on-forks
but according to dependabot/dependabot-core#2804 (comment)
which means that apparently in some cases forks will receive PRs from Dependabot and the only workaround is
I don't think it affects a lot of forks, but to be sure, it would be great if all issues related to PRs from Dependabot could be discussed here.
To somewhat mitigate the issue, the number of PRs Dependabot can create will be limited: #21342