Enable dependabot to get security updates and, if needed, version updates on dependencies

https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically

Having knowledge about vulnerabilities of the dependencies helps the project owners decide on their dependencies' security posture to make decisions.

If the project decides to get updates only on security updates and not on any version updates, then setting these options would not open any PRs:

open-pull-requests-limit: 0
parent
0c5c2378ac
commit
706dede7ac
1 changed files with 10 additions and 0 deletions
10
.github/dependabot.yml
vendored
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: gomod
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
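Review bot: Neither `updates` entry sets `open-pull-requests-limit`, although the commit message describes `open-pull-requests-limit: 0` as the way to receive security updates only. As committed, both the `gomod` and `github-actions` entries will open version-update PRs on the `daily` schedule. If security-only is the intended posture, add `open-pull-requests-limit: 0` under each entry; if version updates are wanted, say so in the commit message and consider whether `daily` is more PR traffic than maintainers will review. Minor style point: `gomod` is unquoted while `"github-actions"` is quoted; pick one form for `package-ecosystem`.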