From 773cd41b385dedd2b9c2856fbc82cf3561f3368a Mon Sep 17 00:00:00 2001
From: Arnout Engelen
Date: Thu, 7 Nov 2024 14:20:47 +0100
Subject: [PATCH] exclude provided and optional dependencies from submission This makes it easier to use the dependabot security report for artifacts that actually come in as transitive dependencies for our users. The chance that an advisory for an optional/provided/test/built-time dependency actually impacts our build seems to small to justify the noise it adds. Fixes #1553
---
 .github/workflows/dependency-graph.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml
index c7c14feb36..898a0ef7f1 100644
--- a/.github/workflows/dependency-graph.yml
+++ b/.github/workflows/dependency-graph.yml
@@ -20,3 +20,5 @@ jobs:
 - name: Install sbt
 uses: sbt/setup-sbt@v1
 - uses: scalacenter/sbt-dependency-submission@v3
+ with:
+ configs-ignore: compile-internal optional test
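Review bot: The `configs-ignore` value added under `with:` names `compile-internal optional test`, but the commit subject says provided dependencies are excluded too, and `provided` is not in the list. It may be covered indirectly through `compile-internal`, but that is an inference; check a generated snapshot to confirm provided-scope artifacts really drop out, or list `provided` explicitly. The change also removes test-scope dependencies from the Dependabot alert surface even though they presumably still run in the project's own builds. A comment above the key would record that this is deliberate, e.g. `# Only submit what users receive transitively; test/optional/build-only deps are intentionally left out (see #1553)`.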