fix: properly disable dependabot

jdalton · jdalton · commit 22a88f7120a2 · 2026-03-12T17:47:00.000-04:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -1,3 +1,10 @@
 # Dependabot disabled - we manage dependencies manually
+# Using open-pull-requests-limit: 0 to disable version updates
+# See: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates
 version: 2
-updates: []
+updates:
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: yearly
+    open-pull-requests-limit: 0
