It says it in the title.
As it seems that there are no signs dependabot spam will go away, I ended up disabling it and avoiding adopting it for any new projects. Disable dependabot due to spammy nature by ssbarnea · Pull Request #1396 · ansible-community/ansible-lint · GitHub
Dependabot is great idea, but it fails to cover some critical aspects like being able to create single update commit with all updated dependencies. Lack of this feature makes is impractical for any projects that have either many dependencies or some that change often. Usually on python world, this means >10 deps in total, it already became a burden.
I already have Dependabot disabled in the Security & analysis page (as shown by the first below image), but I still receive unwanted PRs from Dependabot (as shown by the second below image). How do I disable them? This is on a fork, so I never want these PRs, instead I will let the upstream repo update their dependencies and then I will fast-forward to their master.
I had this too, and I forgot that dependabot is initially enabled by adding a
.github/dependabot.yaml file - just delete it