Fixes: https://github.com/usds/justice40-tool/issues/1121
It's unclear whether this file is doing what we want it to do. This is
an open issue in the dependabot repo. Added a comment to document the
current status of what's going on here.
If these keep coming up (which they probably will), we might either want
to disable dependabot or document a quick workflow for verifying this is
a dev only issue (https://github.com/usds/justice40-tool/issues/1121
might be that documentation).
Showing obscure vulnerabilities that only exist in the dev setup creates
more noise and means that they just get ignored (because they are
probably low priority). Silencing them means when we get a vulnerable
dependency alert we know to pay attention to it.
Comes from https://github.com/dependabot/dependabot-core/issues/2521 and
501bbef578.
