-
Notifications
You must be signed in to change notification settings - Fork 59.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #18146 from github/supported-ecosystems-clarification
Add clarification before dependency graph ecosystem table
- Loading branch information
Showing
1 changed file
with
3 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -64,6 +64,9 @@ When the dependency graph is first enabled, any manifest and lock files for supp | |
|
||
The recommended formats explicitly define which versions are used for all direct and all indirect dependencies. If you use these formats, your dependency graph is more accurate. It also reflects the current build set up and enables the dependency graph to report vulnerabilities in both direct and indirect dependencies.{% if currentVersion == "free-pro-team@latest" %} Indirect dependencies that are inferred from a manifest file (or equivalent) are excluded from the checks for vulnerable dependencies.{% endif %} | ||
|
||
{% if currentVersion == "free-pro-team@latest" %}The ecosystems listed below are supported for the dependency graph, {% data variables.product.prodname_dependabot_alerts %}, and {% data variables.product.prodname_dependabot_security_updates %}.{% endif %} | ||
{% if currentVersion ver_gt "[email protected]" %}The ecosystems listed below are supported for the dependency graph and {% data variables.product.prodname_dependabot_alerts %}.{% endif %} | ||
|
||
| Package manager | Languages | Recommended formats | All supported formats | | ||
| --- | --- | --- | ---| | ||
| Composer | PHP | `composer.lock` | `composer.json`, `composer.lock` | | ||
|