chore: use dependabot to manage dependencies (#2830)
Use dependabot to manage the dependencies defined in package.json and GitHub Actions workflows, so that we can proactively update versions. Outdated versions of third-party dependencies frequently have known security vulnerabilities with CVEs.
This commit is contained in:
parent
c270570f77
commit
7b1fe3156d
25
.github/dependabot.yml
vendored
Normal file
@ -0,0 +1,25 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
time: "11:00"
assignees:
- "jawnsy"
reviewers:
- "jawnsy"
ignore:
# GitHub always delivers the latest versions for each major
# release tag, so handle updates manually
- dependency-name: "actions/*"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
time: "11:00"
assignees:
- "jawnsy"
reviewers:
- "jawnsy"
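Review bot: the `ignore` entry for `dependency-name: "actions/*"` in the github-actions block turns off every Dependabot version update for first-party actions, including new major versions, which a floating major release tag never picks up on its own. If the intent is only to skip minor and patch noise, scope the rule with `update-types: ["version-update:semver-minor", "version-update:semver-patch"]` so a major bump still opens a PR. Two smaller points on both blocks: `time: "11:00"` is interpreted as UTC unless a `timezone` key is set, so state the zone explicitly, and `assignees` and `reviewers` both list only one account, so consider adding a second reviewer or a team so update PRs do not stall on one person.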