Add `dependabot.yml` to the list

Question

Add `dependabot.yml` to the list

atombrella opened this issue 3 years ago · 1 comments

Thank you for this overview. GitHub's vulnerability scanner is not part of the overview. .github/dependabot.yml will enable PRs from dependabot with updates of vulnerable packages.

https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates#configuration-options-for-updates

Answer 1 · 2022-02-21T16:47:53.000Z

Done. Thank you for this!