Here is a dependabot configuration that enables version updates for github workflows and groups them in a single PR to avoid multiple PRs
It is schedule to run monthly to allow a delay after new version bumps to allow vulnerabilities to be discovered and fixed before affecting go-cmp. Because of that, it is important to enable the "security updates" on the config, mentioned in the issue, because it enables dependabot to send out of schedule PRs in case of a security patch being released.
Closes #347
Here is a dependabot configuration that enables version updates for github workflows and groups them in a single PR to avoid multiple PRs
It is schedule to run monthly to allow a delay after new version bumps to allow vulnerabilities to be discovered and fixed before affecting go-cmp. Because of that, it is important to enable the "security updates" on the config, mentioned in the issue, because it enables dependabot to send out of schedule PRs in case of a security patch being released.