dmarcos
commented
2 months ago cc @vincentfretin
Closed dmarcos closed 2 months ago
dmarcos
commented
2 months ago cc @vincentfretin
vincentfretin
commented
2 months ago You can, the hexo server is not exposed to the internet, we use it just to build static files.
vincentfretin
commented
2 months ago Also all the PRs was updating yarn.lock we didn't even use and we removed the file in #536
and we didn't commit package-lock.json so actually you won't have dependabot alerts because the file is not in the repo, that's how dependabot works. I don't see package-lock.json when I npm install I don't know why that's weird.
So yeah first you can close all the PRs that were updating yarn.lock.
dmarcos
commented
2 months ago Thanks, I disabled dependabot
Should we disable it? Don't see it being useful at the moment