🔥 3-day streak
Microsoft DevOps Engineer Expert99 / 138
Question 99 of 138
Your team maintains a Node.js repository on GitHub. Security leadership requires that vulnerable dependencies be automatically patched as soon as a fix is published, but they also want to avoid the noise of routine, non-security version bump pull requests that currently overwhelm reviewers. You have a dependabot.yml file that enables the package-ecosystem for npm. Which configuration approach meets both requirements?
Reviewed for accuracy · Report an issueNext question