From 1fa7e405af8d610afefe3c0b6aae680c35e60a78 Mon Sep 17 00:00:00 2001
From: Alex Janousek <alex.janousek@gsa.gov>
Date: Mon, 2 Mar 2026 12:04:05 -0500
Subject: [PATCH] Disable automatic dependabot updates

---
 .github/dependabot.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 528baf932..490037ff0 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,18 +3,19 @@
 # Please see the documentation for all configuration options:
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 
+# Note: Setting open-pull-requests-limit to 0 disables version update PRs.
+# Security updates are still active and controlled separately in repository settings.
+
 version: 2
 updates:
   - package-ecosystem: 'pip' # See documentation for possible values
     directory: '/' # Location of package manifests
     schedule:
       interval: 'daily'
-    assignees:
-      - 'alexjanousekGSA'
+    open-pull-requests-limit: 0  # Disable version update PRs; security updates still active
   - package-ecosystem: 'npm'
     directory: '/'
     schedule:
       interval: 'daily'
+    open-pull-requests-limit: 0  # Disable version update PRs; security updates still active
     versioning-strategy: increase
-    assignees:
-      - 'alexjanousekGSA'