Dependabot spams private mirrors
NightTsarina opened this issue · comments
Is there an existing issue for this?
- I have searched the existing issues
Package ecosystem
n/a
Package manager version
No response
Language version
No response
Manifest location and content before the Dependabot update
No response
dependabot.yml content
No response
Updated dependency
No response
What you expected to see, versus what you actually saw
I have a private mirror of a public repo that includes a dependabot.yml
file. I have disabled actions and all available dependabot settings.
I expect dependabot to leave this repo alone. Instead, it keeps cluttering my workflow with useless PRs unless I change files in a repository that I am trying to keep identical to upstream.
This has already been reported 3 years ago (#3727), but I see no change since.
Native package manager behavior
No response
Images of the diff or a link to the PR, issue, or logs
ASSEKURANSA/python-pybase64#14, ASSEKURANSA/python-pybase64#15, and many more.
Smallest manifest that reproduces the issue
No response