Merge pull request #406 from laurazard/disable-dependabot-versions

dependabot: disable version bump checks/only keep security updates
compose-spec · Jun 21, 2023 · 532cd92 · 532cd92
2 parents 02dae79 + 7d8722b
commit 532cd92
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -4,7 +4,10 @@ updates:
   directory: "/"
   schedule:
     interval: weekly
-  open-pull-requests-limit: 10
+  # compose-go is a library, so to maximize compatibility for downstream
+  # users with go's minimal version selection for dependencies we should
+  # ignore version bumps and only update when there are security updates
+  open-pull-requests-limit: 0
   ignore:
   - dependency-name: github.com/sirupsen/logrus
     versions: