ci: Only allow automated security-related dependency updates on release branches (#9600)

At present we allow automated dependency updates on release branches via Dependabot. This seems fine for `main`, but is risky for release branches. This PR enables _daily_ checks for security-related dependency updates on release branches, but only performs automated non-security-related updates for `main` (weekly). --- #### PR checklist - [x] Tests written/updated, or no tests needed - [x] `CHANGELOG_PENDING.md` updated, or no changelog entry needed - [x] Updated relevant documentation (`docs/`) and code comments, or no documentation updates needed
2026-01-05 04:55:18 +00:00 · 2022-10-26 17:02:42 -04:00
parent 13bd4b63f8
commit 160a33fdb1
1 changed files with 7 additions and 5 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -53,10 +53,10 @@ updates:
  - package-ecosystem: gomod
    directory: "/"
    schedule:
-      interval: weekly
+      interval: daily
    target-branch: "v0.37.x"
-    # Only allow automated security-related dependency updates until we cut the
-    # final v0.37.0 release.
+    # Only allow automated security-related dependency updates on release
+    # branches.
    open-pull-requests-limit: 0
    labels:
      - T:dependencies
@@ -65,9 +65,11 @@ updates:
  - package-ecosystem: gomod
    directory: "/"
    schedule:
-      interval: weekly
+      interval: daily
    target-branch: "v0.34.x"
-    open-pull-requests-limit: 10
+    # Only allow automated security-related dependency updates on release
+    # branches.
+    open-pull-requests-limit: 0
    labels:
      - T:dependencies
      - S:automerge