mirror of
https://github.com/pnpm/pnpm.git
synced 2026-06-27 01:15:27 -04:00
9de161c386
Mark fixture trees (package.json, lockfiles) as linguist-generated in .gitattributes so GitHub's dependency graph ignores them. This stops Dependabot from raising alerts and opening automatic security-update PRs for packages that appear in fixtures only as test data — e.g. the js-cookie bump in pnpm/pnpm#11840. The `@pnpm/test-fixtures` helper package is real source and is intentionally left unmarked.
15 lines
622 B
Plaintext
15 lines
622 B
Plaintext
* text eol=lf
|
|
|
|
*.tgz binary
|
|
|
|
# Test fixtures embed package.json/lockfiles that name real packages purely as
|
|
# test data, never as dependencies we install. Mark the fixture trees as
|
|
# generated so GitHub's dependency graph (and therefore Dependabot alerts and
|
|
# automatic security PRs) ignores them. This also collapses fixtures in diffs.
|
|
# The `@pnpm/test-fixtures` helper package (__utils__/test-fixtures) is real
|
|
# source, so it is intentionally not matched here.
|
|
**/fixtures/** linguist-generated
|
|
**/__fixtures__/** linguist-generated
|
|
**/findPackages-fixtures/** linguist-generated
|
|
pnpr/.fixtures/** linguist-generated
|