From 1d4f77c365553acfa7a60da3819f7dac432f5c07 Mon Sep 17 00:00:00 2001
From: Jack Wilson <129167676+jackwilson323@users.noreply.github.com>
Date: Wed, 14 Aug 2024 14:36:09 +0100
Subject: [PATCH] Update Socket config (#9005)

This PR updates the configuration for [Socket](https://socket.dev/), our
supply chain security tool. The change:

- Prevents Socket from commenting on PRs with dependency alerts.
- Stops Socket from showing dependency overviews within PRs
- Keeps Socket running in the background.

The intention is to reduce potential noise in PRs, while still giving us
overall health and supply chain security insights behind the scenes.

To Review
- [ ] Check the docs here: https://docs.socket.dev/docs/socket-yml, and
verify that the behavior described in the docs matches what I have
described above.
- [ ] Check I've not made any silly syntax errors in the config.
---
 socket.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/socket.yaml b/socket.yaml
index 7e8e8d3a623c9..be5ba5946fd1e 100644
--- a/socket.yaml
+++ b/socket.yaml
@@ -1,6 +1,12 @@
 # top level version field is required
 version: 2
 
+githubApp:
+  enabled: true
+  pullRequestAlertsEnabled: false
+  dependencyOverviewEnabled: false
+  projectReportsEnabled: true
+
 projectIgnorePaths:
   - turborepo-tests
   - packages/turbo-codemod/__tests__/