Add dependabot #11
Comments
|
@nsiwnf I've started poking around at this and I'm a little confused. My understanding is that dependabot already will open PRs when vulnerabilities are detected or dependencies are out of date. The change in the link you provided would give us extra metadata about the open PR, is that right? I'm not sure that we need it or what benefit the metadata gets us. |
|
We have to add the dependabot yml to configure how often it runs and what packages to check (rails, npm etc) - as of right now, it will not open any PRs |
|
Oh funny, maybe dependabot changed its behavior? I have another open source repo that it opens PRs on and there is no configuration to enable it. GitHub just does it. I'll look into it more... |
kasugaijin
added
on hold
|
This issue is marked as stale due to no activity within 30 days. If no further activity is detected within 7 days, it will be unassigned. |
|
Automatically unassigned after 7 days of inactivity. |
Add a dependabot github action workflow to ensure we are up to date with the latest versions.
The text was updated successfully, but these errors were encountered: