Rbiessy
commented
1 month ago Can you explain why we need a dependabot? We recently removed the GitHub actions, what dependency is there to update?
Closed carlewis closed 1 month ago
Rbiessy
commented
1 month ago Can you explain why we need a dependabot? We recently removed the GitHub actions, what dependency is there to update?
Rbiessy
commented
1 month ago I suppose it makes sense to add it back for this other PR: https://github.com/codeplaysoftware/portBLAS/pull/528
carlewis
commented
1 month ago Yes, once the OpenSSF workflow is merged, it has its dependency versions pinned.
Dependabot updates will happen once a month. To avoid PR noise to developers organization level team
security managerswill receive the notification for review.