Summary
Currently, the dependabot is configured for most projects in settings. It has been reported that we cannot turn of the PR creation without deactivating the dependabot itself. We still want dependabot to run to detect vulnerable packages but not create these PRs. To circumvent this, it has been recommended that we create a dependabot.yml and verify that it behaves as desired.
Summary
Currently, the dependabot is configured for most projects in settings. It has been reported that we cannot turn of the PR creation without deactivating the dependabot itself. We still want dependabot to run to detect vulnerable packages but not create these PRs. To circumvent this, it has been recommended that we create a dependabot.yml and verify that it behaves as desired.