The docs here state that they are excluded: https://docs.github.com/en/copilot/concepts/agents/code-review#excluded-files
But it would be highly appropriate for the agent to scan the files for newly introduced deps that could potentially include malware and also flag vulnerable dependencies, suggest alternative packages, surface deprecation info, support status, etc.