From b017da9287a61a23e7f5b2e8f5c0f1e512dcbec0 Mon Sep 17 00:00:00 2001 From: Byron Williams Date: Wed, 3 Jun 2026 21:53:44 -0700 Subject: [PATCH] chore(deps): add detection-only dependabot.yml (Renovate sole PR-opener) --- .github/dependabot.yml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..9d83468 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,15 @@ +version: 2 +# Detection-only: Renovate is the sole PR-opener. open-pull-requests-limit: 0 +# suppresses Dependabot version PRs. Dependabot alerts (a repo setting) remain +# the multi-ecosystem detection ledger. Refs: standards CI-021 (amended), CI-074. +updates: + - package-ecosystem: "pip" # Python: pyproject.toml / requirements / uv + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 0 + - package-ecosystem: "github-actions" # if .github/workflows/ present + directory: "/" + schedule: + interval: "weekly" + open-pull-requests-limit: 0