feat(ci): use dependabot to bump deps versions

ayamir / nvimdots

A well configured and structured Neovim.

BSD 3-Clause "New" or "Revised" License

2.91k stars 458 forks source link

Closed Cyberczy closed 7 months ago

CharlesChiuGit commented 7 months ago

i dont think using a dependabot is a good idea. we might have supply chain attack issue. it's very own security news.

ayamir commented 7 months ago

Aha, it's indeed a potential risk. Maybe we can revert this commit.

Cyberczy commented 7 months ago

agree