Dependabot ignore vuln_app and only do security releases.

PatrickTulskie · Mar 29, 2024 · 20cde8e · 20cde8e
1 parent f8d6e76
commit 20cde8e
Showing 1 changed file with 12 additions and 7 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,11 +1,16 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-  - package-ecosystem: "bundler" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "bundler"
+    directory: "/"
     schedule:
       interval: "weekly"
+    ignore:
+      - dependency-name: "*"
+        versions: ["*"]
+        update-types: ["all"]
+        directory: "/vuln_app"
+    versioning-strategy: "increase-if-necessary"
+    open-pull-request-limit: 0 # Disables non-security updates
+    reviewers:
+      - "PatrickTulskie"
+      - "Shawanga"