From f72b753057b568fc8ca21a3406c2da6bb41a9d50 Mon Sep 17 00:00:00 2001 From: Jack Weeden Date: Thu, 23 Jan 2025 09:56:50 +0000 Subject: [PATCH] Fix Dependabot config The previous couple of commits were aimed at trying to tighten the security of the Dependabot config by not allowing all dependencies to allow insecure external code execution. But it seems Dependabot only allows unique ecosystems in a file: > Update configs must have a unique combination of 'package-ecosystem', > 'directory', and 'target-branch'. Ecosystem 'bundler' has > overlapping directories. So we need to revert these changes to get Dependabot working again. --- .github/dependabot.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c968fb94..b133dda8 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,12 +1,7 @@ version: 2 updates: - package-ecosystem: bundler - directory: / - schedule: - interval: daily - - package-ecosystem: bundler - registries: - - github + registries: "*" insecure-external-code-execution: allow directory: / schedule: