Aggressively disable Dependabot preview deployments with multiple approaches

Author: sirjamesgray

.github/dependabot.yml

@@ -4,21 +4,13 @@ updates:
     directory: "/"
     schedule:
       interval: "monthly"
-    open-pull-requests-limit: 3
+    # Disable automatic pull requests completely
+    open-pull-requests-limit: 0
     versioning-strategy: auto
     labels:
       - "dependencies"
       - "security"
-    # Only allow security updates to create PRs automatically
-    # This will dramatically reduce the number of PRs
+    # Ignore all updates to prevent any PRs
     ignore:
       - dependency-name: "*"
-        update-types: ["version-update:semver-minor", "version-update:semver-patch"]
-    # Group all non-major updates into a single PR
-    groups:
-      minor-patch-dependencies:
-        patterns:
-          - "*"
-        update-types:
-          - "minor"
-          - "patch"
+        update-types: ["version-update:semver-major", "version-update:semver-minor", "version-update:semver-patch"]

.github/workflows/auto-close-dependabot.yml

@@ -0,0 +1,32 @@
+name: Auto-close Dependabot PRs
+
+on:
+  pull_request_target:
+    types: [opened, reopened]
+
+jobs:
+  auto-close:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Close Pull Request
+        uses: actions/github-script@v6
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const pr = context.payload.pull_request;
+            console.log(`Auto-closing Dependabot PR #${pr.number}: ${pr.title}`);
+            
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: pr.number,
+              body: 'This Dependabot PR is being automatically closed to prevent unnecessary Vercel preview deployments. Security updates will be applied manually by the team.'
+            });
+            
+            await github.rest.pulls.update({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: pr.number,
+              state: 'closed'
+            });

.vercelignore

@@ -0,0 +1,3 @@
+# Ignore Dependabot branches
+dependabot/*
+dependabot*

fix-vulnerabilities.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Script to fix vulnerabilities with force flag
+echo "Fixing vulnerabilities with force flag..."
+
+# Run audit fix with force flag
+npm audit fix --force
+
+# Check functions directory
+echo "Fixing vulnerabilities in functions directory..."
+cd functions
+npm audit fix --force --legacy-peer-deps
+
+echo "Vulnerabilities fixed. Please check for any breaking changes."

vercel.json

@@ -6,7 +6,13 @@
     },
     "github": {
         "silent": true,
-        "autoJobCancelation": true
+        "autoJobCancelation": true,
+        "enabled": false
     },
-    "ignoreCommand": "if [[ $VERCEL_GIT_COMMIT_REF == dependabot/* ]]; then exit 0; else exit 1; fi"
+    "git": {
+        "deploymentEnabled": {
+            "dependabot": false
+        }
+    },
+    "ignoreCommand": "if [[ $VERCEL_GIT_COMMIT_REF == *\"dependabot\"* ]]; then exit 0; else exit 1; fi"
 }