From 160a33fdb11ea45850ca6cdd90e0a6f4546d9e1e Mon Sep 17 00:00:00 2001
From: Thane Thomson
Date: Wed, 26 Oct 2022 17:02:42 -0400
Subject: [PATCH] ci: Only allow automated security-related dependency updates on release branches (#9600)
At present we allow automated dependency updates on release branches via Dependabot. This seems fine for `main`, but is risky for release branches. This PR enables _daily_ checks for security-related dependency updates on release branches, but only performs automated non-security-related updates for `main` (weekly).
---
#### PR checklist
- [x] Tests written/updated, or no tests needed
- [x] `CHANGELOG_PENDING.md` updated, or no changelog entry needed
- [x] Updated relevant documentation (`docs/`) and code comments, or no documentation updates needed
---
.github/dependabot.yml | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 2473c5ded61..c823bbaae35 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -53,10 +53,10 @@ updates:
 - package-ecosystem: gomod
 directory: "/"
 schedule:
- interval: weekly
+ interval: daily
 target-branch: "v0.37.x"
- # Only allow automated security-related dependency updates until we cut the
- # final v0.37.0 release.
+ # Only allow automated security-related dependency updates on release
+ # branches.
 open-pull-requests-limit: 0
 labels:
 - T:dependencies
@@ -65,9 +65,11 @@ updates:
 - package-ecosystem: gomod
 directory: "/"
 schedule:
- interval: weekly
+ interval: daily
 target-branch: "v0.34.x"
- open-pull-requests-limit: 10
+ # Only allow automated security-related dependency updates on release
+ # branches.
+ open-pull-requests-limit: 0
 labels:
 - T:dependencies
 - S:automerge
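Review bot: The second hunk (the `v0.34.x` entry) leaves `S:automerge` in its `labels:` list, so the security-update PRs Dependabot still opens against that release branch will carry the automerge label, which sits oddly with the stated goal of reducing risk on release branches; consider dropping that label for release-branch entries, or confirming that the automerge workflow still gates on a human review. The comment added in both hunks states the policy but not the mechanism, which is non-obvious: `open-pull-requests-limit: 0` disables Dependabot version updates while security updates are unaffected by that limit, so I would extend it to `# open-pull-requests-limit: 0 disables version updates; Dependabot security updates are not subject to this limit.` Related to that, as far as I know Dependabot security updates are triggered by new advisories rather than by `schedule`, so the `weekly` -> `daily` change in both hunks may have no effect once the limit is 0 — worth verifying before relying on "daily checks" as described in the commit message. The first hunk's `labels:` list ends at the hunk boundary, so whether the `v0.37.x` entry also carries `S:automerge` is not visible here.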