From fba68c3a1d16330cdb7667d64fb2dc31a1fb7e7e Mon Sep 17 00:00:00 2001
From: Andy Jordan <2226434+andyleejordan@users.noreply.github.com>
Date: Wed, 22 Oct 2025 12:42:09 -0700
Subject: [PATCH] Workaround component governance issues

For one, the ADO task that uses `global.json` seems to require that the version use a wildcard.
This is not how it's supposed to be with the `rollForward` option, but this should fix OneBranch using old versions.

For two, we need to opt-out of ADO Dependabot because this is an internal mirror.
The good news is that GitHub Dependabot will be working with CFS again soon.
---
 .azuredevops/dependabot.yml | 3 +++
 global.json                 | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 .azuredevops/dependabot.yml

diff --git a/.azuredevops/dependabot.yml b/.azuredevops/dependabot.yml
new file mode 100644
index 000000000..7a6c0aa08
--- /dev/null
+++ b/.azuredevops/dependabot.yml
@@ -0,0 +1,3 @@
+version: 2
+enable-security-updates: false
+enable-campaigned-updates: false
diff --git a/global.json b/global.json
index 37239305b..619ea7d91 100644
--- a/global.json
+++ b/global.json
@@ -1,6 +1,6 @@
 {
     "sdk": {
-        "version": "8.0.406",
+        "version": "8.0.x",
         "rollForward": "latestFeature"
     }
 }