- Add code_to_optimize/**/package-lock.json to .gitignore
- Re-enable Dependabot version updates with limit of 5 PRs per ecosystem
- Keep code_to_optimize/ ignore comment in dependabot.yml

Sets open-pull-requests-limit: 0 on all ecosystems. Existing open
Dependabot PRs are unaffected — this only prevents new ones.
Re-enable by removing the open-pull-requests-limit lines.

Dependabot was auto-discovering all package.json and pyproject.toml
files including 12 in code_to_optimize/ (test fixtures). These PRs
always fail because E2E tests need secrets unavailable on Dependabot
PRs — 70% of Dependabot runs were failing on vite updates to fixtures.
Explicit config monitors only the real dependency files:
- / (root pyproject.toml)
- /packages/codeflash (npm package)
- GitHub Actions versions
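
A sketch of an explicit `.github/dependabot.yml` matching the three targets listed above, added here as an illustration and not the repository's actual file. The `pip` ecosystem choice for the root pyproject.toml and the weekly schedule are assumptions; the directories and the limit of 5 come from the messages above.

```yaml
# Added example: explicit Dependabot version-update config.
# Only the directories listed under "updates" are monitored for version
# updates, so the test fixtures under code_to_optimize/ are left out by
# simply not listing them.
version: 2
updates:
  # Root Python project (pyproject.toml).
  # Assumption: "pip" is the ecosystem used for this manifest.
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
      interval: "weekly"   # assumption: the schedule is not stated above
    # 5 caps concurrently open version-update PRs for this ecosystem.
    # Setting this to 0 pauses new version-update PRs without closing
    # the ones that are already open.
    open-pull-requests-limit: 5

  # The published npm package.
  - package-ecosystem: "npm"
    directory: "/packages/codeflash"
    schedule:
      interval: "weekly"   # assumption
    open-pull-requests-limit: 5

  # Versions of actions referenced from workflow files.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"   # assumption
    open-pull-requests-limit: 5

# code_to_optimize/ holds test fixtures and is intentionally not listed:
# workflows triggered by Dependabot PRs do not receive the repository's
# regular Actions secrets, so E2E jobs that need them fail on those PRs.
```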