Reviewing PRs from Github Dependabot

in #blog3 days ago

If you have a .github/dependabot.yml

version: 2
updates:
  # Keep npm dependencies patched (security + minor updates).
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
    groups:
      # Batch low-risk dev tooling updates into a single PR.
      dev-dependencies:
        dependency-type: "development"
        update-types:
          - "minor"
          - "patch"

  # Keep GitHub Actions pinned versions fresh.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
      - "github-actions"

  # Keep the Docker base image up to date.
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
      - "docker"

Then, weekly, the github will review the dependencies of the project:

image.png

Steem to the Moon🚀!

Support me, thank you!

Why you should vote me? My contributions
Please vote me as a witness or set me as a proxy via https://steemitwallet.com/~witnesses

image.png

Coin Marketplace

STEEM 0.04
TRX 0.33
JST 0.101
BTC 64123.01
ETH 1813.38
USDT 1.00
SBD 0.38