From 986b50e1c8ae8331291c0e34ddd2060f8129cae5 Mon Sep 17 00:00:00 2001
From: Jacob Oaks <joaks@uber.com>
Date: Mon, 4 Mar 2024 13:19:01 -0500
Subject: [PATCH] Drop root go.mod dependencies from dependabot (#163)

In order to use a Go library, users must upgrade their dependencies to
be at least as up-to-date as those listed in the library's `go.mod`. As
@abhinav pointed out, using dependabot to then keep our dependencies
up-to-date all the time will cause any users of this library to have to
keep theirs up-to-date all the time as well, when this isn't strictly
necessary due to Go's heavy backwards compatibility culture.

Remove the section referring to the root's `go.mod` so that we can
instead only upgrade dependencies when necessary to avoid too much churn
with users of the library.
---
 .github/dependabot.yaml | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 770aec9..f004110 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -1,10 +1,5 @@
 version: 2
 updates:
-- package-ecosystem: "gomod"
-  directory: "/"
-  schedule:
-    interval: "daily"
-  open-pull-requests-limit: 5
 - package-ecosystem: "gomod"
   directory: "/tools"
   schedule:
@@ -23,4 +18,4 @@ updates:
 - package-ecosystem: "github-actions"
   directory: "/"
   schedule:
-    interval: "weekly"
\ No newline at end of file
+    interval: "weekly"