New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add support for dependabot 馃コ #1370
feat: add support for dependabot 馃コ #1370
Conversation
Signed-off-by: Vinayak Kulkarni <19776877+vinayakkulkarni@users.noreply.github.com>
We only have dev deps so there is a risk this just leads to annoying notifications with little value. |
I partially concur. I think it might be useful with a less annoying config like: https://github.com/fastify/fastify/blob/main/.github/dependabot.yml I would also recommend we add https://github.com/fastify/fastify/blob/main/.github/dependabot.yml, configured like https://github.com/fastify/fastify/blob/da8fafdc2132cde357230fa5b43344058fdd3586/.github/workflows/ci.yml#L82. In this way the amount of manual work is greatly reduced. |
Signed-off-by: Vinayak Kulkarni <19776877+vinayakkulkarni@users.noreply.github.com>
Signed-off-by: Vinayak Kulkarni <19776877+vinayakkulkarni@users.noreply.github.com>
Codecov Report
@@ Coverage Diff @@
## main #1370 +/- ##
=======================================
Coverage 94.25% 94.25%
=======================================
Files 45 45
Lines 4211 4211
=======================================
Hits 3969 3969
Misses 242 242 Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
dependabot
so that all the package dependencies are kept up-to-date withnpm
so as to mitigate any vulnerabilities in older versions of packages.