chore: ignore major version bumps in dependabot config
- add ignore rules for semver-major updates across all ecosystems (gomod, docker, npm, github-actions)
- dependabot will continue to open PRs for minor and patch updates
- critical security alerts still bypass ignore rules
Dependabot has been opening PRs for major version bumps (e.g., docker/cli from 28 to 29, node from 22 to 25) that we intentionally skip — we prefer to stay on stable, proven versions and upgrade majors on our own schedule.
Major upgrades introduce unnecessary risk and may contain vulnerabilities. These PRs add noise and require manual review only to be closed.
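
The kind of rule this commit message describes, as an added example and not the repository's actual `.github/dependabot.yml`: each ecosystem gets a wildcard `ignore` entry limited to `version-update:semver-major`, so minor and patch PRs keep arriving. The `directory` and `schedule` values are assumptions, since the commit message does not state them.

```yaml
# .github/dependabot.yml (illustrative; directory and schedule values are assumed)
version: 2
updates:
  - package-ecosystem: "gomod"
    directory: "/"            # assumed location of go.mod
    schedule:
      interval: "weekly"      # assumed cadence
    ignore:
      # Match every dependency, but only suppress major version bumps
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]

  - package-ecosystem: "docker"
    directory: "/"            # assumed location of the Dockerfile
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]

  - package-ecosystem: "npm"
    directory: "/"            # assumed location of package.json
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]

  - package-ecosystem: "github-actions"
    directory: "/"            # "/" makes Dependabot scan .github/workflows
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
```

With major bumps suppressed, a scheduled manual review of pending major versions takes over the job those PRs used to do, which keeps base images and runtimes from drifting past their support window unnoticed.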