code-server/.github/dependabot.yml
Jonathan Yu 7b1fe3156d
chore: use dependabot to manage dependencies (#2830)
Use dependabot to manage the dependencies defined in package.json and
GitHub Actions workflows, so that we can proactively update versions.

Outdated versions of third-party dependencies frequently have known
security vulnerabilities with CVEs.
2021-03-12 11:46:18 -08:00

26 lines
535 B
YAML

version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
time: "11:00"
assignees:
- "jawnsy"
reviewers:
- "jawnsy"
ignore:
# GitHub always delivers the latest versions for each major
# release tag, so handle updates manually
- dependency-name: "actions/*"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
time: "11:00"
assignees:
- "jawnsy"
reviewers:
- "jawnsy"