From 99518417969f34b3205f605506bbb716befc6e7c Mon Sep 17 00:00:00 2001 From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 13:43:07 -0400 Subject: [PATCH] chore: Update `dependabot.yml` template (#1813) (#1858) * chore: Update `dependabot.yml` template not to touch pip dependencies Source-Link: https://github.com/googleapis/synthtool/commit/f961eb0fe51109238128055897ccba1b70dbd804 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:af2eda87a54601ae7b7b2be5055c17b43ac98a7805b586772db314de8a7d4a1d Co-authored-by: Owl Bot --- .github/.OwlBot.lock.yaml | 3 ++- .github/dependabot.yml | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml index aadf54f64..73568a1e9 100644 --- a/.github/.OwlBot.lock.yaml +++ b/.github/.OwlBot.lock.yaml @@ -13,4 +13,5 @@ # limitations under the License. docker: image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest - digest: sha256:ad9cabee4c022f1aab04a71332369e0c23841062124818a4490f73337f790337 + digest: sha256:af2eda87a54601ae7b7b2be5055c17b43ac98a7805b586772db314de8a7d4a1d +# created: 2023-06-16T02:10:09.149325782Z diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c8f413b0d..fde1ced49 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -5,10 +5,13 @@ updates: schedule: interval: "daily" # Disable version updates for Maven dependencies - open-pull-requests-limit: 0 + # we use renovate-bot as well as shared-dependencies BOM to update maven dependencies. + ignore: "*" - package-ecosystem: "pip" directory: "/" schedule: interval: "daily" # Disable version updates for pip dependencies - open-pull-requests-limit: 0 \ No newline at end of file + # If a security vulnerability comes in, we will be notified about + # it via template in the synthtool repository. + ignore: "*"