Closed carlewis closed 1 month ago
Can you explain why we need a dependabot? We recently removed the GitHub actions, what dependency is there to update?
I suppose it makes sense to add it back for this other PR: https://github.com/codeplaysoftware/portBLAS/pull/528
Yes, once the OpenSSF workflow is merged, it has its dependency versions pinned.
Dependabot updates will happen once a month. To avoid PR noise for developers, the organization-level team "security managers" will receive the notification for review.