Skip to content

Commit

Permalink
chore: use dependabot to manage dependencies (#259)
Browse files Browse the repository at this point in the history 
Use dependabot to manage the dependencies defined in go.mod and
GitHub Actions workflows, so that we can proactively update versions.

Outdated versions of third-party dependencies frequently have known
security vulnerabilities with CVEs.
  • Loading branch information
@jawnsy
jawnsy committed Mar 6, 2021
1 parent 46775b2 commit 9189ca2
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
time: "11:00"
open-pull-requests-limit: 10
assignees:
- "dependabot"

- package-ecosystem: gomod
directory: "/"
schedule:
interval: daily
time: "11:00"
open-pull-requests-limit: 10
assignees:
- "dependabot"

0 comments on commit 9189ca2

Please sign in to comment.