mirror of
https://git.tuxpa.in/a/code-server.git
synced 2024-12-28 13:15:25 +00:00
chore: use dependabot to manage dependencies (#2830)
Use dependabot to manage the dependencies defined in package.json and GitHub Actions workflows, so that we can proactively update versions. Outdated versions of third-party dependencies frequently have known security vulnerabilities with CVEs.
This commit is contained in:
parent
c270570f77
commit
7b1fe3156d
25
.github/dependabot.yml
vendored
Normal file
25
.github/dependabot.yml
vendored
Normal file
@ -0,0 +1,25 @@
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "11:00"
|
||||
assignees:
|
||||
- "jawnsy"
|
||||
reviewers:
|
||||
- "jawnsy"
|
||||
ignore:
|
||||
# GitHub always delivers the latest versions for each major
|
||||
# release tag, so handle updates manually
|
||||
- dependency-name: "actions/*"
|
||||
|
||||
- package-ecosystem: "npm"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
time: "11:00"
|
||||
assignees:
|
||||
- "jawnsy"
|
||||
reviewers:
|
||||
- "jawnsy"
|
Loading…
Reference in New Issue
Block a user