Commit 7b1fe31

chore: use dependabot to manage dependencies (#2830)
Use dependabot to manage the dependencies defined in package.json and GitHub Actions workflows, so that we can proactively update versions. Outdated versions of third-party dependencies frequently have known security vulnerabilities with CVEs.
1 parent c270570 commit 7b1fe31

1 file changed

+25
-0
lines changed

.github/dependabot.yml

@@ -0,0 +1,25 @@
1+
version: 2
2+
updates:
3+
- package-ecosystem: "github-actions"
4+
directory: "/"
5+
schedule:
6+
interval: "daily"
7+
time: "11:00"
8+
assignees:
9+
- "jawnsy"
10+
reviewers:
11+
- "jawnsy"
12+
ignore:
13+
# GitHub always delivers the latest versions for each major
14+
# release tag, so handle updates manually
15+
- dependency-name: "actions/*"
16+
17+
- package-ecosystem: "npm"
18+
directory: "/"
19+
schedule:
20+
interval: "daily"
21+
time: "11:00"
22+
assignees:
23+
- "jawnsy"
24+
reviewers:
25+
- "jawnsy"
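
Review bot: The `ignore` entry for `actions/*` in the github-actions block carries only `dependency-name`, so it suppresses every update for first-party actions, including new major versions, which the floating major tag described in the comment never delivers. If manual handling is meant only for minor and patch releases, scope the rule with `update-types: ["version-update:semver-minor", "version-update:semver-patch"]` so that major bumps still open a pull request. Both blocks also set `time: "11:00"` without a `timezone` key, which Dependabot interprets as UTC; add the key if a local time was intended.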
