Objective
Automate vulnerability scanning and resolution for dependencies across the codebase by introducing a standard Dependabot configuration.
Tasks & Requirements
Create and commit a .github/dependabot.yml configuration file to the root of the repository with the following specifications:
- Security Updates: Configure security updates to run daily for all relevant dependency ecosystems used in the project (e.g.,
poetry for Python/Flask, pnpm for Node/Firebase).
- Version Updates: Configure routine version updates on a weekly schedule to scan for non-vulnerable updates and keep dependencies current.
- Default Reviewers: Automatically assign the default reviewer group to the pull requests
Objective
Automate vulnerability scanning and resolution for dependencies across the codebase by introducing a standard Dependabot configuration.
Tasks & Requirements
Create and commit a
.github/dependabot.ymlconfiguration file to the root of the repository with the following specifications:poetryfor Python/Flask,pnpmfor Node/Firebase).