update dependabot to auto bump deps and enable CVE detect

2026-05-17 10:15:22 +00:00 · 2023-10-03 20:16:56 +08:00
parent fb7ee2f487
commit a7e065ddb4
1 changed files with 8 additions and 0 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,3 +4,11 @@ updates:
  directory: "/"
  schedule:
      interval: "weekly"
+
+- package-ecosystem: gomod
+  directory: "/"
+  schedule:
+    interval: "weekly"
+  open-pull-requests-limit: 10
+  vulnerability-alerts:
+    enabled: true