From b5cd705d40ab5b22974eacfbe430443e506f8dae Mon Sep 17 00:00:00 2001 From: Arnout Engelen Date: Thu, 7 Nov 2024 14:20:47 +0100 Subject: [PATCH] exclude provided and optional dependencies from submission This makes it easier to use the dependabot security report for artifacts that actually come in as transitive dependencies for our users. The chance that an advisory for an optional/provided/test/built-time dependency actually impacts our build seems to small to justify the noise it adds. Fixes #1553 --- .github/workflows/dependency-graph.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 407102e48d..ca3cfcf16c 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml @@ -20,3 +20,5 @@ jobs: - name: Install sbt uses: sbt/setup-sbt@v1 - uses: scalacenter/sbt-dependency-submission@v2 + with: + configs-ignore: compile-internal optional