Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
exclude provided and optional dependencies from submission
This makes it easier to use the dependabot security report for artifacts that actually come in as transitive dependencies for our users. The chance that an advisory for an optional/provided/test/built-time dependency actually impacts our build seems to small to justify the noise it adds. Fixes #1553
- Loading branch information