There is no need to run CI here and you won't see the benefit until after merge. This would allow Dependabot to submit PRs to upgrade things like GitHub Actions versions as needed.
It automatically bumps versions. I seldom see the pip one in action but it bumps Actions from time to time. Not necessarily just security fixes. Ok to merge?
There is no need to run CI here and you won't see the benefit until after merge. This would allow Dependabot to submit PRs to upgrade things like GitHub Actions versions as needed.
See https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide