From bbafe9ff942dfedd03cc61e69e1d7a228d312a06 Mon Sep 17 00:00:00 2001
From: Maikel Linke <maikel@email.org.au>
Date: Mon, 17 Jan 2022 11:42:14 +1100
Subject: [PATCH] Restrict Dependabot to update only the lockfiles

This enables us to specify versions in the Gemfile and package.json and
Dependabot won't suggest updates we excluded that way.
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index fe27e296cd..09b0fa22e3 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,8 +6,10 @@ updates:
     schedule:
       interval: "daily"
     open-pull-requests-limit: 10
+    versioning-strategy: lockfile-only
 
   - package-ecosystem: "npm"
     directory: "/"
     schedule:
       interval: "daily"
+    versioning-strategy: lockfile-only