Microsoft DevOps Engineer Expert AZ-400 Practice Question
Your team maintains a GitHub repository containing a Node.js project. You have enabled Dependabot, but the volume of pull requests for version updates, especially for development dependencies, is creating too much noise. You need to configure Dependabot to stop creating pull requests for version updates, but continue to automatically create pull requests for security updates that fix vulnerable dependencies.
Which dependabot.yml configuration should you use?
A dependabot.yml file that sets package-ecosystem: "npm", directory: "/", schedule: interval: "weekly", and open-pull-requests-limit: 0.
Disable Dependabot version updates in the repository settings and configure a CI job to run npm audit fix on a nightly basis.
A dependabot.yml file that sets package-ecosystem: "npm", directory: "/", schedule: interval: "weekly", and update-types: ["security"].
A dependabot.yml file that sets package-ecosystem: "npm", directory: "/", schedule: interval: "weekly", and includes an ignore rule with update-types: ["version-update:semver-patch"].
The correct configuration uses open-pull-requests-limit: 0 for the 'npm' package ecosystem. According to GitHub's documentation, Dependabot security updates and version updates are distinct features. The open-pull-requests-limit option specifically controls the number of open pull requests for version updates. Setting this limit to 0 effectively disables version updates, while security updates, which are not subject to this limit, will continue to be created whenever a vulnerability is detected. This directly addresses the requirement to stop noise from version updates while retaining automated security patching. The option to use update-types: ["security"] is incorrect because 'security' is not a valid value for this option. Using an ignore rule for patch updates would only be a partial solution, as it would not stop minor and major version updates. Disabling Dependabot entirely in favor of npm audit is a different workflow and does not use the dependabot.yml file to solve the problem as requested.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Dependabot?
Open an interactive chat with Bash
What does `open-pull-requests-limit: 0` achieve in Dependabot?
Open an interactive chat with Bash
What happens when `update-types: ["security"]` is used in Dependabot configuration?
Open an interactive chat with Bash
Microsoft DevOps Engineer Expert AZ-400
Develop a security and compliance plan
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .