From 6e52790b3a8cc83988f99fcc1d0c749d3e7cb1e1 Mon Sep 17 00:00:00 2001 From: Sven Greb Date: Thu, 5 May 2022 22:37:08 +0200 Subject: [PATCH] Opt-in Dependabot version update configuration The `.github/dependabot.yml` Dependabot configuration file [2] for automation version updates [1] that was introduced in GH-52 [3] often causes a lot of PR noise and does not really help since updates also often require more action than just a bump of the version number itself like migration steps or adjustments to changes (e.g. APIs or deprecated implementations). Since Dependabot is not able to fulfill this and only does a stupid increase of the version number it often creates more work than it helps. The result are often hundreds of notifications and more digital noise for developers and maintainers without any real benefit since version & security updates are done on a regular schedule by maintainers who know what they are doing and how modern software should be maintained. Therefore the `.github/dependabot.yml` file has been renamed to `.github/dependabot.tmpl.yml` to disable Dependabot for this repository while still allowing repositories that are based on this template repository to opt-in. [1]: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates [2]: https://github.com/svengreb/tmpl/blob/32925a1f/.github/dependabot.yml [3]: https://github.com/svengreb/tmpl/issues/52 GH-94 --- .github/{dependabot.yml => dependabot.tmpl.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{dependabot.yml => dependabot.tmpl.yml} (100%) diff --git a/.github/dependabot.yml b/.github/dependabot.tmpl.yml similarity index 100% rename from .github/dependabot.yml rename to .github/dependabot.tmpl.yml