From 10f3626e6f30413d99fe6caee2d853ce9abe31bf Mon Sep 17 00:00:00 2001 From: Thane Thomson Date: Tue, 13 Sep 2022 16:46:34 -0400 Subject: [PATCH] ci: Only allow automated security-related updates until v0.37.0 release (#9430) As per discussion with @sergio-mena, this should disable all automated dependency updates that are not security-related. We should make this part of our standard practice when cutting new major releases, given that our QA process for major releases is expensive at present and we cannot re-run it for every dependency update. Once we have cut a final major release, we can consider re-enabling automated dependency updates here that can be rolled out in minor releases. Signed-off-by: Thane Thomson Signed-off-by: Thane Thomson --- .github/dependabot.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 15edf23fa..2473c5ded 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -55,7 +55,9 @@ updates: schedule: interval: weekly target-branch: "v0.37.x" - open-pull-requests-limit: 10 + # Only allow automated security-related dependency updates until we cut the + # final v0.37.0 release. + open-pull-requests-limit: 0 labels: - T:dependencies - S:automerge
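Review bot: the comment added above `open-pull-requests-limit: 0` says security-related updates stay allowed, but this entry also sets `target-branch: "v0.37.x"`. Dependabot's documentation states that an entry with `target-branch` no longer affects security-update pull requests, which are raised against the default branch only. If that applies here, the change stops all automated dependency pull requests for v0.37.x rather than leaving the security ones on. Please confirm how security fixes are expected to reach this branch (for example by manual backport) and word the comment to match. Two smaller points on the same hunk: the `S:automerge` label stays on the entry, so auto-merge resumes without further review as soon as the limit is raised again, and the comment ties re-enabling to the final v0.37.0 release without a tracking issue, so a link would help make sure the limit is revisited. Only one `updates` entry is visible in this hunk; any other entries that target v0.37.x need the same limit for the stated policy to hold.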