chore: Update dependabot.yml (#1814) (#6053)

gcf-owl-bot[bot] · web-flow · commit bb8e5d3b19c5 · 2023-06-26T21:02:20.000Z
* chore: Update dependabot.yml Source-Link: https://togithub.com/googleapis/synthtool/commit/9ad18b66e75ca08d6a7779f56c7ee0595d3e1203 Post-Processor: gcr.io/cloud-devrel-public-resources/owlbot-java:latest@sha256:c33bd13e1eab022b0499a3afbfb4b93ae10cb8ad89d8203a6343a88b1b78400f
diff --git a/.github/.OwlBot.lock.yaml b/.github/.OwlBot.lock.yaml
@@ -13,4 +13,5 @@
 # limitations under the License.
 docker:
   image: gcr.io/cloud-devrel-public-resources/owlbot-java:latest
-  digest: sha256:ad9cabee4c022f1aab04a71332369e0c23841062124818a4490f73337f790337
+  digest: sha256:c33bd13e1eab022b0499a3afbfb4b93ae10cb8ad89d8203a6343a88b1b78400f
+# created: 2023-06-21T18:48:32.287298785Z
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,10 +5,15 @@ updates:
     schedule:
       interval: "daily"
     # Disable version updates for Maven dependencies
-    open-pull-requests-limit: 0
+    # we use renovate-bot as well as shared-dependencies BOM to update maven dependencies.
+    ignore:
+      - dependency-name: "*"
   - package-ecosystem: "pip"
     directory: "/"
     schedule:
       interval: "daily"
     # Disable version updates for pip dependencies
-    open-pull-requests-limit: 0
+    # If a security vulnerability comes in, we will be notified about 
+    # it via template in the synthtool repository.
+    ignore:
+      - dependency-name: "*"
