mirror of
https://github.com/status-im/status-go.git
synced 2025-01-09 14:16:21 +00:00
9e2e94d851
see for details : https://dependabot.com/docs/config-file/#allowed_updates ## Why make the change? @dependabot makes PRs for upgrading dependencies, but it doesn't automatically call `make vendor`, which is a problem because that means any merge for a @dependabot PR will require manual intervention. I've looked through the @dependabot PR history and there has never been a successfully merged PR. [See here](https://github.com/status-im/status-go/pulls?q=is%3Apr+author%3Aapp%2Fdependabot-preview+is%3Aclosed) If we are going to use this service we should only be warned of security updates, until we can implement a `make-vendor-bot` to automatically update the vendored files. ## What has changed? Changed @dependabot settings to only make a PR for security updates.