From 5536f6f9efbf07a29fdb8df6d1446815cf7eea26 Mon Sep 17 00:00:00 2001 From: philippe Date: Tue, 30 Jun 2026 14:52:31 -0400 Subject: [PATCH] fix dependabot root exclude components/renderer --- .github/dependabot.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b482fddb94..ea2ee3ec75 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,10 +1,17 @@ version: 2 updates: - # Root package dependencies + # Root package dependencies. + # NOTE: listing more than one entry under `directories` makes Dependabot treat + # "/" as a recursive glob, so it scans every nested package.json. The negated + # globs below keep it out of directories that have their own update entry — the + # components and the renderer carry narrow allow/ignore lists (e.g. react-docgen + # is pinned) that the root entry would otherwise bypass. @plotly/* is internal. - package-ecosystem: "npm" directories: - "/" - "!/@plotly/*" + - "!/components/*" + - "!/dash/dash-renderer" schedule: interval: "weekly" day: "monday"