nicholasjhenry
commented
2 years ago I wonder if npm-audit is necessary now that dependabot is built into GitHub.
Open nicholasjhenry opened 2 years ago
nicholasjhenry
commented
2 years ago I wonder if npm-audit is necessary now that dependabot is built into GitHub.
I would suggest moving npm-audit to a nightly schedule on CI. This will avoid having to deal with audit issues in a feature PR or getting a build error when it has been merged into the
devormainbranches.