tuxji commented on a change in pull request #26:
URL: https://github.com/apache/daffodil-vscode/pull/26#discussion_r728139011
##########
File path: yarn.lock
##########
@@ -0,0 +1,4249 @@
+# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
Review comment:
There's an easier way - let dependabot do some of the work. Dependabot
can scan yarn.lock for security vulnerabilities and issue daily, weekly, or
monthly PRs bumping vulnerable dependencies for you if you add a
~/.github/dependabot.yml configuration file to your repository
(<https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates>).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
