It says it in the title.
As it seems that there are no signs dependabot spam will go away, I ended up disabling it and avoiding adopting it for any new projects. Disable dependabot due to spammy nature by ssbarnea · Pull Request #1396 · ansible-community/ansible-lint · GitHub
Dependabot is great idea, but it fails to cover some critical aspects like being able to create single update commit with all updated dependencies. Lack of this feature makes is impractical for any projects that have either many dependencies or some that change often. Usually on python world, this means >10 deps in total, it already became a burden.
I already have Dependabot disabled in the Security & analysis page (as shown by the first below image), but I still receive unwanted PRs from Dependabot (as shown by the second below image). How do I disable them? This is on a fork, so I never want these PRs, instead I will let the upstream repo update their dependencies and then I will fast-forward to their master.
I had this too, and I forgot that dependabot is initially enabled by adding a
.github/dependabot.yaml file - just delete it
For NPM, dependabot always check
@next which is really annoying.
I search a lot and try to disable the
@next channel updates, but with no luck, and find nothing. So I have to disable the whole dependabot to help myself stop being spamming by it.
I really miss greenkeeper more, the greenkeeper is really better than the dependabot on GitHub today.
@TheLastGimbus In my situation, I get dependabot PRs on a fork of another repository. Deleting a file in the repo is not an option because I want to keep my master branch in sync with the upstream one.