Skip to content

Commit b0478b5

Browse files
committed
fix: exclude upstream-synced packages from dependabot
model-registry and notebooks are synced from upstream repos. Dependabot bumping their deps independently creates drift that the next upstream sync would overwrite. CVE tracking for these packages is covered by RHOAIENG-59135. Made-with: Cursor
1 parent a5d6664 commit b0478b5

1 file changed

Lines changed: 0 additions & 44 deletions

File tree

.github/dependabot.yml

Lines changed: 0 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -171,47 +171,3 @@ updates:
171171
dependency-type: development
172172
security-patches:
173173
applies-to: security-updates
174-
175-
- package-ecosystem: npm
176-
directory: /packages/model-registry/upstream/frontend
177-
schedule:
178-
interval: weekly
179-
day: monday
180-
open-pull-requests-limit: 5
181-
target-branch: "main"
182-
labels:
183-
- "dependencies"
184-
ignore:
185-
- dependency-name: "*"
186-
update-types: ["version-update:semver-major"]
187-
groups:
188-
production-deps:
189-
applies-to: version-updates
190-
dependency-type: production
191-
dev-deps:
192-
applies-to: version-updates
193-
dependency-type: development
194-
security-patches:
195-
applies-to: security-updates
196-
197-
- package-ecosystem: npm
198-
directory: /packages/notebooks/upstream/workspaces/frontend
199-
schedule:
200-
interval: weekly
201-
day: monday
202-
open-pull-requests-limit: 5
203-
target-branch: "main"
204-
labels:
205-
- "dependencies"
206-
ignore:
207-
- dependency-name: "*"
208-
update-types: ["version-update:semver-major"]
209-
groups:
210-
production-deps:
211-
applies-to: version-updates
212-
dependency-type: production
213-
dev-deps:
214-
applies-to: version-updates
215-
dependency-type: development
216-
security-patches:
217-
applies-to: security-updates

0 commit comments

Comments
 (0)