From 83eb7b0982228c517b4650a5d38a219d18fd33a1 Mon Sep 17 00:00:00 2001
From: Shaun Verch
Date: Mon, 13 Dec 2021 13:54:59 -0500
Subject: [PATCH] Silence dev only vulnerabilities (#1041)

Showing obscure vulnerabilities that only exist in the dev setup creates more noise and means that they just get ignored (because they are probably low priority). Silencing them means when we get a vulnerable dependency alert we know to pay attention to it. Comes from https://github.com/dependabot/dependabot-core/issues/2521 and https://github.com/hpcc-systems/Tombolo/commit/501bbef57817a9a46498095fdbd2e1e7a6ce62fa.
---
.github/dependabot.yml | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..cda0160a
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/**"
+ schedule:
+ interval: "daily"
+ allow:
+ - dependency-type: "production"
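Review bot: `directory: "/**"` probably does not do what it suggests. As far as I know the `directory` key takes one literal path to the manifest and does not expand globs, so this entry may match no `package.json` and leave the npm ecosystem unchecked; `directory: "/"`, or one `updates` entry per package directory, is the safe form. Separately, the `allow` filter on `dependency-type: "production"` relies on `package.json` classifying packages correctly, so a runtime package filed under `devDependencies` silently drops out of updates. Dev-only packages also still execute on developer machines and in CI, so the trade-off is worth recording in the file, e.g. `# dev dependencies intentionally excluded here; audit them separately, they still run in CI`.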