mirror of
https://github.com/johannesjo/super-productivity.git
synced 2026-07-18 00:46:45 +00:00
- Monthly/weekly update frequency reduces the window of exposure but the addition of a cooldown should help narrow it further. - Implemented as suggested in this gist: https://gist.github.com/mcollina/b294a6c39ee700d24073c0e5a4e93104 - I've opted to use the more conservative 3-day cooldown as this is the default in some tools. - Dependabot needs to be adjusted in combination with .npmrc to avoid creating PRs that can't succeed. Ref. https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference#cooldown- |
||
|---|---|---|
| .. | ||
| actions/setup-e2e | ||
| annotations | ||
| ISSUE_TEMPLATE | ||
| workflows | ||
| CODE_OF_CONDUCT.md | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| dependabot.yml | ||
| FUNDING.yml | ||
| PULL_REQUEST_TEMPLATE.md | ||
| SECURITY-SETUP.md | ||