From b23c3aae97fcd8eefe5927acd61be92ec82a60f1 Mon Sep 17 00:00:00 2001
From: Gabriel Pan Gantes <gabrielpanga@gmail.com>
Date: Mon, 29 Jun 2026 09:21:33 +0200
Subject: [PATCH] chore(deps): limit Dependabot to minor + patch updates

Major version bumps (e.g. actions/checkout v2->v7, okhttp 4->5, junit
5->6) are breaking and noisy; ignore semver-major on both the maven and
github-actions ecosystems so Dependabot only opens minor/patch PRs.
Major upgrades are handled manually when intended.
---
 .github/dependabot.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c9b2105..aa19732 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,7 +4,17 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    # Only minor + patch updates. Major bumps (e.g. actions/checkout v2 -> v7)
+    # are breaking and reviewed manually, not via Dependabot.
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]
   - package-ecosystem: "maven"
     directory: "/"
     schedule:
       interval: "weekly"
+    # Only minor + patch updates. Major bumps (e.g. okhttp 4 -> 5, junit 5 -> 6)
+    # are breaking and reviewed manually, not via Dependabot.
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-major"]