From 6b63a28cd2fbef60e6d2f68e5c7de5bcd2ea0162 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20Malfait?= <felix.malfait@gmail.com>
Date: Thu, 22 Jan 2026 14:47:21 +0100
Subject: [PATCH] Exclude community apps from Dependabot scanning (#17345)

## Summary
- Adds `exclude-paths` configuration to Dependabot to skip
`packages/twenty-apps/community/**`
- Community-maintained apps have their own dependency management and
don't need the same security requirements as core packages

## Test plan
- Verify Dependabot no longer creates alerts/PRs for dependencies in
community apps
---
 .github/dependabot.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e3368a57c76..fcab644b972 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,6 +2,8 @@ version: 2
 updates:
   - package-ecosystem: "npm"
     directory: "/"
+    exclude-paths:
+      - "packages/twenty-apps/community/**"
     schedule:
       interval: "weekly"
     open-pull-requests-limit: 3