From b05296ccf6c5018e80cac4f7b07835c2e6f25077 Mon Sep 17 00:00:00 2001
From: m1ngsama <contact@m1ng.space>
Date: Mon, 15 Jun 2026 17:25:20 +0800
Subject: [PATCH] chore(ci): disable routine Dependabot version updates, keep
 security-only

Routine scheduled version bumps create excessive PR/notification noise and
are unnecessary for a docs site. Removing .github/dependabot.yml stops all
scheduled version updates. Dependabot security updates remain enabled at the
repo level, so CVE / supply-chain fixes are still opened automatically when a
real vulnerability is found.
---
 .github/dependabot.yml | 20 --------------------
 1 file changed, 20 deletions(-)
 delete mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 5f19505..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
-
-version: 2
-updates:
-  # Enable version updates for npm
-  - package-ecosystem: npm
-    # Look for `package.json` and `lock` files in the `root` directory
-    directory: /
-    # Check the npm registry for updates every day (weekdays)
-    schedule:
-      interval: weekly
-
-  # Enable version updates for GitHub Actions used in workflows
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: weekly