7b1fe3156d
Use dependabot to manage the dependencies defined in package.json and GitHub Actions workflows, so that we can proactively update versions. Outdated versions of third-party dependencies frequently have known security vulnerabilities with CVEs.
26 lines
535 B
YAML
version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
      time: "11:00"
    assignees:
      - "jawnsy"
    reviewers:
      - "jawnsy"
    ignore:
      # GitHub always delivers the latest versions for each major
      # release tag, so handle updates manually
      - dependency-name: "actions/*"

  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
      time: "11:00"
    assignees:
      - "jawnsy"
    reviewers:
      - "jawnsy"