Closed nathannaveen closed 2 years ago
I used dependency bot for a few years and didn’t find it really useful.
Instead I:
pnpm update
in the beginning of any work.
Also Dependabot is useless here because we use pnpm
https://github.com/dependabot/dependabot-core/issues/1736
This should help with keeping the GitHub Actions updated on new releases. This will also help with keeping it secure.
Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot
GitHub Actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: nathannaveen <42319948+nathannaveen@users.noreply.github.com>