Restrict Dependabot to update only the lockfiles

This enables us to specify versions in the Gemfile and package.json and Dependabot won't suggest updates we excluded that way.
2026-01-24 20:36:49 +00:00 · 2022-01-17 11:42:14 +11:00
parent 11578a8852
commit bbafe9ff94
1 changed files with 2 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,8 +6,10 @@ updates:
    schedule:
      interval: "daily"
    open-pull-requests-limit: 10
+    versioning-strategy: lockfile-only

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
+    versioning-strategy: lockfile-only