
Add dependabot config

Open frankieroberto opened this issue 1 year ago • 2 comments

This sets up Dependabot to monitor for both updates to GitHub Actions and NPM packages.

See Dependabot configuration for the different options.

Open to suggestions on the best update frequencies!

frankieroberto Oct 23 '24 18:10

I think monthly for both. Daily is too frequent and noisy, and sometimes you want to wait to make sure there are not further patches on previous patches.

paulrobertlloyd Oct 23 '24 19:10

@paulrobertlloyd yeah that might make sense, especially for a frontend library which is only released every few weeks anyway. I think Dependabot might still flag security updates more quickly?

frankieroberto Oct 23 '24 19:10
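
For reference, a Dependabot configuration covering the two ecosystems discussed in this thread at the monthly interval suggested above. This is an added example, not the file from this pull request; the file location and the `directory` values are assumptions.

```yaml
# Added example, not the configuration from this pull request.
# Assumed location: .github/dependabot.yml
version: 2
updates:
  # Actions referenced by the repository's workflow files
  - package-ecosystem: "github-actions"
    directory: "/"        # assumption: workflows live under .github/workflows
    schedule:
      interval: "monthly"

  # NPM packages
  - package-ecosystem: "npm"
    directory: "/"        # assumption: package.json sits at the repository root
    schedule:
      interval: "monthly"
```

The `schedule` here governs Dependabot version updates. Dependabot security updates, when enabled in the repository settings, are raised from Dependabot alerts rather than on this schedule.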