GitHub recently enabled dependabot which automatically sends PRs to bump versions of libraries that received security updates.
In our case, a lot of repos are just mirrors of gerrit repos so no PRs need to be sent there.
This ticket is to disable dependabot on such repos. Some examples:
To disable these PRs it is enough to go to the security tab of the mirror project and unclick the checkbox in the "Automatic serurity updates" menu