chore(deps): reduce dependabot noise - weekly schedule, ignore reviewed gRPC 2.8.x alerts

MPCoreDeveloper · MPCoreDeveloper · commit 1fb53fa229a9 · 2026-04-29T06:56:01.000+02:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -3,10 +3,11 @@ updates:
   - package-ecosystem: "nuget"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "monday"
       time: "06:00"
       timezone: "Europe/Amsterdam"
-    open-pull-requests-limit: 20
+    open-pull-requests-limit: 10
     labels:
       - "dependencies"
       - "nuget"
@@ -24,6 +25,18 @@ updates:
       serilog:
         patterns:
           - "Serilog*"
+    ignore:
+      # gRPC 2.8.x — reviewed, not affected by reported CVEs
+      - dependency-name: "Grpc.Tools"
+        versions: ["2.8.*"]
+      - dependency-name: "Grpc.Core"
+        versions: ["2.8.*"]
+      - dependency-name: "Grpc.Net.Client"
+        versions: ["2.8.*"]
+      - dependency-name: "Grpc.AspNetCore"
+        versions: ["2.8.*"]
+      - dependency-name: "Grpc.Net.ClientFactory"
+        versions: ["2.8.*"]
 
   - package-ecosystem: "github-actions"
     directory: "/"
