[ https://ovirt-jira.atlassian.net/browse/OVIRT-2870?page=com.atlassian.jira.p... ] Evgheni Dereveanchin reassigned OVIRT-2870: ------------------------------------------- Assignee: Krapali Rai (was: infra)

disable dependabot PRs for github repos that are gerrit mirrors ---------------------------------------------------------------

Key: OVIRT-2870 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2870 Project: oVirt - virtualization made easy Issue Type: Outage Reporter: Evgheni Dereveanchin Assignee: Krapali Rai

GitHub recently enabled dependabot which automatically sends PRs to bump versions of libraries that received security updates. In our case, a lot of repos are just mirrors of gerrit repos so no PRs need to be sent there. This ticket is to disable dependabot on such repos. Some examples: https://github.com/oVirt/ovirt-engine/pulls https://github.com/oVirt/jenkins/pulls https://github.com/oVirt/ovirt-vdsmfake/pulls To disable these PRs it is enough to go to the security tab of the mirror project and unclick the checkbox in the "Automatic serurity updates" menu

-- This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100121)