search

developit / microbundle

📦 Zero-configuration bundler for tiny modules.
https://npm.im/microbundle
MIT License
8.04k stars 362 forks source link

Fix #849 : Add dependabot for NPM and Github Actions #850

Closed emibcn closed 3 years ago

emibcn commented 3 years ago

To ease and fasten dependency update, use Dependabot like here.

changeset-bot[bot] commented 3 years ago

⚠️ No Changeset found

Latest commit: 35dc5c59ed8579975f8f6b23f6747ac227fc1e57

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

rschristian commented 3 years ago

Dependabot is super spammy and pretty rarely useful in my experience. Don't think it's needed or that it adds anything of value here.

emibcn commented 3 years ago

I have a security alert which cannot be resolved because microbundle-crl depends on it:

image

rschristian commented 3 years ago

Microbundle-crl is forked version of Microbundle. They're separate packages. You can find its repo here though the author has disabled issues it looks like.

emibcn commented 3 years ago

Whooops... Sorry. Its source code URL points here.