ci: switch to open-pull-requests-limit: 0

- this also does not impact security updates and is a simpler configuration - per the [linked docs](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit): > This option has no impact on security updates, which have a separate, internal limit of ten open pull requests.
argoproj · Jan 9, 2024 · a203dc3 · a203dc3
1 parent acaea0d
commit a203dc3
Showing 1 changed file with 6 additions and 11 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -9,10 +9,8 @@ updates:
       - dependency-name: k8s.io/*
       - dependency-name: github.com/grpc-ecosystem/*
       - dependency-name: google.golang.org/grpc
-      # ignore all non-security updates: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore
-      - dependency-name: "*"
-        update-types: [version-update:semver-major, version-update:semver-minor, version-update:semver-patch]
-    open-pull-requests-limit: 10
+    # ignore all non-security updates: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
+    open-pull-requests-limit: 0
 
   - package-ecosystem: "github-actions"
     directory: "/"
@@ -23,9 +21,8 @@ updates:
       # temporarily ignore until https://github.com/actions/download-artifact/issues/249 is resolved
       - dependency-name: "actions/download-artifact"
       - dependency-name: "actions/upload-artifact"
-      # ignore all non-security updates: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore
-      - dependency-name: "*"
-        update-types: [version-update:semver-major, version-update:semver-minor, version-update:semver-patch]
+    # ignore all non-security updates: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
+    open-pull-requests-limit: 0
 
   - package-ecosystem: "npm"
     directory: "/ui"
@@ -37,7 +34,5 @@ updates:
       - dependency-name: style-loader
       - dependency-name: react-router-dom
       - dependency-name: "@types/react-router-dom"
-      # ignore all non-security updates: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#specifying-dependencies-and-versions-to-ignore
-      - dependency-name: "*"
-        update-types: [version-update:semver-major, version-update:semver-minor, version-update:semver-patch]
-    open-pull-requests-limit: 10
+    # ignore all non-security updates: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit
+    open-pull-requests-limit: 0