From 5283bdebe8f7838dfecb8aed4fb166cf4e991930 Mon Sep 17 00:00:00 2001
From: Yifan Xiong <yifan.xiong@microsoft.com>
Date: Tue, 12 Oct 2021 16:08:33 +0800
Subject: [PATCH] CI/CD - Disable version update, allow security update only
 (#224)

Disable dependabot version update, allow security update only.
Reference:
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#open-pull-requests-limit.
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 0deb2e9d..b6bf89dd 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,7 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    open-pull-requests-limit: 0
     allow:
       - dependency-type: "direct"
     labels:
@@ -16,6 +17,7 @@ updates:
     directory: "/website/"
     schedule:
       interval: "weekly"
+    open-pull-requests-limit: 0
     labels:
       - "dependencies"
     assignees: