Enable Dependabot

usds · Mar 9, 2024 · 0b66098 · 0b66098
1 parent 922ed5a
commit 0b66098
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 4 deletions.
diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
diff --git a/README.md b/README.md
@@ -54,9 +54,6 @@ and `service-worker.js` are standard javascript, they are **not** transpiled
 and they don't import anything. So, some constants associated with the cache
 are duplicated and need to kept in sync.
 
-## Service-Worker
-
-
 ## Security
 Site is 100% static. All content is stored in the browser's cache and localstorage.
 
@@ -104,8 +101,10 @@ The tool loads style scripts from website staging.
 ```
 img-src 'self' https: data: blob:;
 ```
-The `https:` allows images to be loaded from anywhere. This allows the
+The `https:` allows images to be loaded from anywhere. This allows the service-worker to 
+cache images from sites that are pasted into the WYSIWYG editor.
 
+The service worker transparently passes on all requests that are not images.
 
 ## Debugging