-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dependabot.yaml: Add dependabot configuration for the project #1281
Conversation
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍🏼
8d55ad6
to
d6f2eab
Compare
89f0746
to
1d930af
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This CodeQL thing is pretty cool! Plenty of alerts already.
Is there a way to configure it to ignore *.test.(ts|js)
files? On those I guess it wouldn't make much sense and it's pointing some theoretical security issues there.
- Create a codeql config file
Done. Added a |
What does this pull request do? Explain your changes. (required)
Adds dependabot CI flow to github
Specific updates (required)
dependabot is github's bot to identify dependencies that are out of date or have had new security patches released, which might be useful for the project
not needed
Does this pull request close any open issues?
no
Checklist: