From d8e3807ec50be2b384b2c07a552f9efd315b2bb1 Mon Sep 17 00:00:00 2001
From: tooomm <tooomm@users.noreply.github.com>
Date: Fri, 27 Mar 2026 18:11:56 +0100
Subject: [PATCH] Dependabot: Enable git submodules tracking (#6727)

* Enable gitsubmodules

* update comment
---
 .github/dependabot.yml | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1e278a418..fc25af67f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -2,19 +2,18 @@
 
 version: 2
 updates:
- # # Enable version updates for git submodules
- # Not yet possible to bump only on tags or releases, see:
+ # Enable version updates for git submodules
+ # If SemVer is used, updates will happen to new releases only (not HEAD)
  # https://github.com/dependabot/dependabot-core/issues/1639
  # https://github.com/dependabot/dependabot-core/issues/2192
- # Alternative: Action that updates submodule and can be manually run on demand (workflow_dispatch)
- # - package-ecosystem: "gitsubmodule"
- #   # Look for `.gitmodules` in the `root` directory
- #   directory: "/"
- #   # Check for updates once a month
- #   schedule:
- #     interval: "monthly"
- #   # Limit the amout of open PR's (default = 5, disabled = 0, security updates are not impacted)
- #   open-pull-requests-limit: 1
+  - package-ecosystem: "gitsubmodule"
+    # Look for `.gitmodules` in the `root` directory
+    directory: "/"
+    # Check for updates once a month
+    schedule:
+      interval: "monthly"
+    # Limit the amout of open PR's (default = 5, disabled = 0, security updates are not impacted)
+    open-pull-requests-limit: 2
 
  # # Enable version updates for Docker
  # Not yet possible to bump from one LTS version to the next and skip others, see: