mirror of
https://github.com/inventree/InvenTree.git
synced 2025-06-19 05:25:42 +00:00
Improve reproduciblity of image (#7120)
* hard-pin doc requirements * update docs and commands * hard pin container requirements * check hashes in image build * remove seperate uv install (is in base_requirements) * containers already ships 3.11 - adjust packaging * move build deps to general ci requirements * install yarn using native tools Closes https://github.com/inventree/InvenTree/security/code-scanning/95 Closes https://github.com/inventree/InvenTree/security/code-scanning/96 * merge install steps * adapt install command args to be similar * adapt docs to suggest safer install arg * fix install path * update dependabot settings
This commit is contained in:
Matthias Mair
GitHub
9
.github/dependabot.yml
vendored
9
.github/dependabot.yml
vendored
@ -24,7 +24,12 @@ updates:
|
||||
schedule:
|
||||
interval: weekly
|
||||
|
||||
- package-ecosystem: npm
|
||||
- package-ecosystem: pip
|
||||
directory: /.github
|
||||
schedule:
|
||||
interval: weekly
|
||||
|
||||
- package-ecosystem: pip
|
||||
directory: /src/backend
|
||||
schedule:
|
||||
interval: weekly
|
||||
@ -33,7 +38,7 @@ updates:
|
||||
patterns:
|
||||
- "*" # Include all dependencies
|
||||
|
||||
- package-ecosystem: pip
|
||||
- package-ecosystem: npm
|
||||
directory: /src/backend
|
||||
schedule:
|
||||
interval: weekly
|
||||
|
||||
Reference in New Issue
Block a user