From 93c3d26b7c7a87162d7abe8d4a8d6566c8140c25 Mon Sep 17 00:00:00 2001
From: moezein0 <169095174+moezein0@users.noreply.github.com>
Date: Tue, 24 Mar 2026 16:14:42 -0400
Subject: [PATCH 1/3] chore: disable automated dependency updater config
 [incident-51602]

---
 .github/dependabot.yml | 106 -----------------------------------------
 1 file changed, 106 deletions(-)
 delete mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index e9435097928c..000000000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,106 +0,0 @@
-# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
-version: 2
-
-registries:
-# Dependabot doesn't need to use this, so try to stop it doing so
-  azure-nuget:
-    type: nuget-feed
-    url: https://pkgs.dev.azure.com/datadoghq/dd-trace-dotnet/_packaging/Public_Feed/nuget/v3/index.json
-  public-nuget:
-    type: nuget-feed
-    url: https://api.nuget.org/v3/index.json
-
-
-updates:
-  # Mocked projects for vendored dependency notifications
-  - package-ecosystem: "nuget"
-    directory: "/tracer/dependabot"
-    registries: "*"
-    exclude-paths:
-      - "integrations"
-    schedule:
-      interval: "weekly" # these don't change often
-    labels:
-      - "dependencies"
-      - "area:dependabot"
-    ignore:
-      - dependency-name: "MessagePack" # Locked at a version that supports our net452 build target
-      - dependency-name: "*" # Ignore patches for all integrations
-        update-types: ["version-update:semver-patch"]
-
-  # Mocked projects for integration dependency notifications
-  - package-ecosystem: "nuget"
-    directory: "/tracer/dependabot/integrations"
-    registries: "*"
-    open-pull-requests-limit: 1
-    schedule:
-      interval: "daily"
-    labels:
-      - "dependencies"
-      - "area:dependabot"
-
-  # Azure functions explicit testing - we can't include these with our "normal" process checks
-  # Because they aren't compatible with the dotnet msbuild approach we're using
-  - package-ecosystem: "nuget"
-    directory: "/tracer/test/test-applications/azure-functions/Samples.AzureFunctions.V4Isolated"
-    registries: "*"
-    schedule:
-      interval: "daily"
-    labels:
-      - "dependencies"
-      - "area:dependabot"
-    ignore:
-      - dependency-name: "*" # Ignore patches for all integrations
-        update-types: ["version-update:semver-patch"]
-
-  # Src libraries
-  - package-ecosystem: "nuget"
-    directory: "/tracer/src"
-    # This is a hacky way to get Dependabot to care primarily about
-    # - Datadog.Trace
-    # - Datadog.Trace.OpenTracing
-    # - Datadog.Trace.BenchmarkDotNet
-    exclude-paths:
-      - "Datadog.AutoInstrumentation.Generator/**"
-      - "Datadog.AzureFunctions/**"
-      - "Datadog.InstrumentedAssemblyGenerator/**"
-      - "Datadog.InstrumentedAssemblyVerification/**"
-      - "Datadog.Trace.Bundle/**"
-      - "Datadog.Trace.SourceGenerators/**"
-      - "Datadog.Trace.Tools.Analyzers/**"
-      - "Datadog.Trace.Tools.Analyzers.CodeFixes/**"
-      - "Datadog.Trace.Tools.dd_dotnet.SourceGenerators/**"
-    registries: "*"
-    schedule:
-      interval: "daily"
-    labels:
-      - "dependencies"
-    ignore:
-      ### Start Datadog.Trace.csproj ignored dependencies
-      # DiagnosticSource is kept at the lowest supported version for widest compatibility
-      - dependency-name: "System.Diagnostics.DiagnosticSource"
-
-      # AspNetCore reference libraries are kept at the lowest supported version for compatibility on netstandard2.0
-      - dependency-name: "Microsoft.AspNetCore.Hosting.Abstractions"
-      - dependency-name: "Microsoft.AspNetCore.Mvc.Abstractions"
-      - dependency-name: "Microsoft.AspNetCore.Routing"
-
-      # DuckTyping libraries are kept at the lowest supported version for compatibility on netstandard2.0
-      - dependency-name: "System.Reflection.Emit"
-      - dependency-name: "System.Reflection.Emit.Lightweight"
-      ### End Datadog.Trace.csproj ignored dependencies
-
-      # Lock Microsoft.Build.Framework for widest compatibility when instrumenting builds
-      - dependency-name: "Microsoft.Build.Framework"
-
-  - package-ecosystem: "github-actions"
-    directories:
-      - "/"
-      - "/.github/actions/*"
-      - "/.github/actions/*/*"
-    schedule:
-      interval: "monthly"
-    groups:
-      gh-actions-packages:
-        patterns:
-          - "*"

From b544b2e55eeb71f4e16943190f3a2d5bfe7eb036 Mon Sep 17 00:00:00 2001
From: moezein0 <169095174+moezein0@users.noreply.github.com>
Date: Tue, 24 Mar 2026 16:14:43 -0400
Subject: [PATCH 2/3] chore: disable automated dependency updater config
 [incident-51602]

---
 .github/dependabot.yml.disabled | 106 ++++++++++++++++++++++++++++++++
 1 file changed, 106 insertions(+)
 create mode 100644 .github/dependabot.yml.disabled

diff --git a/.github/dependabot.yml.disabled b/.github/dependabot.yml.disabled
new file mode 100644
index 000000000000..e9435097928c
--- /dev/null
+++ b/.github/dependabot.yml.disabled
@@ -0,0 +1,106 @@
+# yaml-language-server: $schema=https://json.schemastore.org/dependabot-2.0.json
+version: 2
+
+registries:
+# Dependabot doesn't need to use this, so try to stop it doing so
+  azure-nuget:
+    type: nuget-feed
+    url: https://pkgs.dev.azure.com/datadoghq/dd-trace-dotnet/_packaging/Public_Feed/nuget/v3/index.json
+  public-nuget:
+    type: nuget-feed
+    url: https://api.nuget.org/v3/index.json
+
+
+updates:
+  # Mocked projects for vendored dependency notifications
+  - package-ecosystem: "nuget"
+    directory: "/tracer/dependabot"
+    registries: "*"
+    exclude-paths:
+      - "integrations"
+    schedule:
+      interval: "weekly" # these don't change often
+    labels:
+      - "dependencies"
+      - "area:dependabot"
+    ignore:
+      - dependency-name: "MessagePack" # Locked at a version that supports our net452 build target
+      - dependency-name: "*" # Ignore patches for all integrations
+        update-types: ["version-update:semver-patch"]
+
+  # Mocked projects for integration dependency notifications
+  - package-ecosystem: "nuget"
+    directory: "/tracer/dependabot/integrations"
+    registries: "*"
+    open-pull-requests-limit: 1
+    schedule:
+      interval: "daily"
+    labels:
+      - "dependencies"
+      - "area:dependabot"
+
+  # Azure functions explicit testing - we can't include these with our "normal" process checks
+  # Because they aren't compatible with the dotnet msbuild approach we're using
+  - package-ecosystem: "nuget"
+    directory: "/tracer/test/test-applications/azure-functions/Samples.AzureFunctions.V4Isolated"
+    registries: "*"
+    schedule:
+      interval: "daily"
+    labels:
+      - "dependencies"
+      - "area:dependabot"
+    ignore:
+      - dependency-name: "*" # Ignore patches for all integrations
+        update-types: ["version-update:semver-patch"]
+
+  # Src libraries
+  - package-ecosystem: "nuget"
+    directory: "/tracer/src"
+    # This is a hacky way to get Dependabot to care primarily about
+    # - Datadog.Trace
+    # - Datadog.Trace.OpenTracing
+    # - Datadog.Trace.BenchmarkDotNet
+    exclude-paths:
+      - "Datadog.AutoInstrumentation.Generator/**"
+      - "Datadog.AzureFunctions/**"
+      - "Datadog.InstrumentedAssemblyGenerator/**"
+      - "Datadog.InstrumentedAssemblyVerification/**"
+      - "Datadog.Trace.Bundle/**"
+      - "Datadog.Trace.SourceGenerators/**"
+      - "Datadog.Trace.Tools.Analyzers/**"
+      - "Datadog.Trace.Tools.Analyzers.CodeFixes/**"
+      - "Datadog.Trace.Tools.dd_dotnet.SourceGenerators/**"
+    registries: "*"
+    schedule:
+      interval: "daily"
+    labels:
+      - "dependencies"
+    ignore:
+      ### Start Datadog.Trace.csproj ignored dependencies
+      # DiagnosticSource is kept at the lowest supported version for widest compatibility
+      - dependency-name: "System.Diagnostics.DiagnosticSource"
+
+      # AspNetCore reference libraries are kept at the lowest supported version for compatibility on netstandard2.0
+      - dependency-name: "Microsoft.AspNetCore.Hosting.Abstractions"
+      - dependency-name: "Microsoft.AspNetCore.Mvc.Abstractions"
+      - dependency-name: "Microsoft.AspNetCore.Routing"
+
+      # DuckTyping libraries are kept at the lowest supported version for compatibility on netstandard2.0
+      - dependency-name: "System.Reflection.Emit"
+      - dependency-name: "System.Reflection.Emit.Lightweight"
+      ### End Datadog.Trace.csproj ignored dependencies
+
+      # Lock Microsoft.Build.Framework for widest compatibility when instrumenting builds
+      - dependency-name: "Microsoft.Build.Framework"
+
+  - package-ecosystem: "github-actions"
+    directories:
+      - "/"
+      - "/.github/actions/*"
+      - "/.github/actions/*/*"
+    schedule:
+      interval: "monthly"
+    groups:
+      gh-actions-packages:
+        patterns:
+          - "*"

From 71ae961d4feda818d7843c766136787969b75aaa Mon Sep 17 00:00:00 2001
From: Steven Bouwkamp <steven.bouwkamp@datadoghq.com>
Date: Tue, 24 Mar 2026 16:40:13 -0400
Subject: [PATCH 3/3] Disable auto_bump_test_package_versions

---
 ..._versions.yml => auto_bump_test_package_versions.yml.disabled} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{auto_bump_test_package_versions.yml => auto_bump_test_package_versions.yml.disabled} (100%)

diff --git a/.github/workflows/auto_bump_test_package_versions.yml b/.github/workflows/auto_bump_test_package_versions.yml.disabled
similarity index 100%
rename from .github/workflows/auto_bump_test_package_versions.yml
rename to .github/workflows/auto_bump_test_package_versions.yml.disabled