o19s/hello-ltr

Disable dependabot

softwaredoug opened this issue · 2 comments

In our PR party, we discussed disabling dependabot on this repo

  • We don't have tests (though we might look into adding some)
  • This is a set of demos, not prod ready...

epugh commented

Thanks @softwaredoug for assigning me this!

So, there seem to be two "types" of Dependabot PRs... Security ones and then just general "your dependency is out of date".

The only project under o19s umbrella that has the "your dependency is out of date" setting is @worleydl's searchviz project: https://app.dependabot.com/accounts/o19s/ and the settings are at https://github.com/organizations/o19s/settings/installations/682369

However, it appears that GitHub has some defaults around the first category of Security features: https://help.github.com/en/github/managing-security-vulnerabilities/configuring-automated-security-updates. You can disable that via the Security feature at the top.

I will go ahead and flip the Security alerting bit for this project. ;-)

We could IDS if we want to audit all of our open source projects, or just know how to do it and then do it as they come up. I agree that it can be kind of noisy!

epugh commented

Correction, the parameter to flip is under Data services in settings!