Commit a4f7bcf
committed
chore: rename legacy manifests to .archive so dependabot stops rescanning
Even with `.github/dependabot.yml` scoping `pip` to `/`, Dependabot's
pip ecosystem auto-discovered `legacy/requirements.txt` and opened 10
bump PRs for archived 2022 dependencies (PRs #33–42, all closed today).
The cleanest off-switch for that auto-discovery is renaming the
manifest files so they no longer match Dependabot's filename patterns:
legacy/requirements.txt
→ legacy/requirements.txt.archive
legacy/utils/google_app_engine/additional_requirements.txt
→ legacy/utils/google_app_engine/additional_requirements.txt.archive
legacy/utils/google_app_engine/Dockerfile
→ legacy/utils/google_app_engine/Dockerfile.archive
The files' contents are unchanged — readers (or future archeologists)
can still see what the 2022 pipeline depended on. They just aren't
treated as live manifests anymore.1 parent 21b7c3c commit a4f7bcf
3 files changed
File tree
- legacy
- utils/google_app_engine
File renamed without changes.
File renamed without changes.
0 commit comments