Skip to content

Commit

Permalink
exclude provided and optional dependencies from submission
Browse files Browse the repository at this point in the history
This makes it easier to use the dependabot security report for artifacts
that actually come in as transitive dependencies for our users. The
chance that an advisory for an optional/provided/test/built-time
dependency actually impacts our build seems to small to justify the
noise it adds.

Fixes #1553
  • Loading branch information
raboof committed Nov 7, 2024
1 parent bcd44ee commit b5cd705
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/dependency-graph.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,3 +20,5 @@ jobs:
- name: Install sbt
uses: sbt/setup-sbt@v1
- uses: scalacenter/sbt-dependency-submission@v2
with:
configs-ignore: compile-internal optional

0 comments on commit b5cd705

Please sign in to comment.