From b5d9fbb8eb804b0e1cff7988cd0bf9494dfb46c6 Mon Sep 17 00:00:00 2001
From: Klaas van Schelven <klaas@vanschelven.com>
Date: Thu, 30 Jan 2025 14:55:39 +0100
Subject: [PATCH] Dependabot: no npm pull requests

---
 .github/dependabot.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 3cb0dfc..c63cb8e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -19,3 +19,13 @@ updates:
     - dependency-name: "django-tailwind"
       versions:
       - ">3.6"
+
+# Turn off all pull requests for npm dependencies; we only use npm as a development-side
+# dependency (for tailwind, the results of which we simply commit into the repo).
+# This looks like a work-around ("limit: 0") but it's in fact the official way:
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#example-disabling-version-updates-for-some-dependencies
+- package-ecosystem: "npm"
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 0