Closed coliff closed 9 months ago
Is this really necessary? The only dependencies currently being added in other PRs seems to be just prettier. Which is a dev only dependency that has no security impacts or other considerations for the resulting package. Setting this up now seems premature.
It's not 'necessary', but I think it's still a useful addition. It's good to keep prettier up-to-date as new versions have improvements and bug fixes and maybe other dev dependencies might be added in the future. Keeping GitHub Actions up-to-date is useful too. Adding this doesn't cost anything so I can't think of any downsides to adding this.
help keep dependencies up-to-date - updates npm and GitHub Actions. I set update interval to monthly so you're not bothered every week, but feel free to adjust of course.