From db5022b9656d2429a13aca0d03b0e37cdcd5bb69 Mon Sep 17 00:00:00 2001
From: Tim Gross
Date: Tue, 25 Feb 2025 10:18:50 -0500
Subject: [PATCH] deps: remove actions updates from dependabot (#25211)

Dependabot can update actions to versions that are not in the TSCCR allowlist. The TSCCR check doesn't happen in CE, which means we don't learn we have a problem until after we've spent the effort to backport them. Remove the automation that updates actions automatically until this issue is resolved on the security team's side.
---
 .github/dependabot.yml | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 834d834e6..c3b92db95 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -40,13 +40,3 @@ updates:
 labels:
 - "theme/dependencies"
 - "theme/website"
- - package-ecosystem: github-actions
- open-pull-requests-limit: 5
- directory: /
- labels:
- - "theme/dependencies"
- - "theme/ci"
- schedule:
- interval: "weekly"
- day: "sunday"
- time: "09:00"