Setup Dependabot groups - Githubissues

NodeSecure / Governance

NodeSecure Governance (Code of conduct & Contribution guidelines)

MIT License

13 stars 4 forks source link

Setup Dependabot groups #92

Closed PierreDemailly closed 7 months ago

PierreDemailly commented 8 months ago

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

The idea is to setup theses groups:

GHAs
deps
devDeps
@nodesecure/* only for scanner, cli & ci. Others packages have too few @nodesecure dependencies

Some packages have too few dependencies so we can skip them.

Tools

[x] CLI
[x] scanner
[x] JS-X-Ray
[x] i18n
[x] vulnera
[x] CI
[x] ci-action SKIP -> GHA
[x] RC
[x] flags SKIP -> GHA
[x] report
[x] domain-check SKIP -> GHA
[x] Utils
[x] fs-walk SKIP -> GHA
[x] github
[x] gitlab
[x] ossf-scorecard-sdk
[x] npm-tarball-license-parser
[x] licenses-conformance
[x] eslint-config SKIP
[x] npm-registry-sdk
[x] npm-security-fetcher
[x] authors

fraxken commented 7 months ago

@fabnguess If you have time to handle the 3 last repositories

We need to group at least Github Actions update (for flags I think we should also group devDependencies)