From 1632f5b0e2fbfdaa5be31d12240c089383b5af11 Mon Sep 17 00:00:00 2001
From: Benjamin Brahmer <info@b-brahmer.de>
Date: Tue, 24 Oct 2023 12:25:11 +0200
Subject: [PATCH] adjust dependabot, remove allowEvalScript()

Signed-off-by: Benjamin Brahmer <info@b-brahmer.de>
---
 .github/dependabot.yml            | 2 +-
 lib/Controller/PageController.php | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f863df114b..fbf793116b 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,7 +7,7 @@ version: 2
 updates:
   # Maintain dependencies for npm
   - package-ecosystem: "npm"
-    directory: "/js"
+    directory: "/"
     schedule:
       interval: "daily"
     labels:
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 41d0e7f89c..abdd3f2f78 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -96,7 +96,6 @@ public function index(): TemplateResponse
         $csp->addAllowedImageDomain('*')
             ->addAllowedMediaDomain('*')
             ->addAllowedConnectDomain('*')// chrome breaks on audio elements
-            ->allowEvalScript(true)
             ->addAllowedFrameDomain('https://youtube.com')
             ->addAllowedFrameDomain('https://www.youtube.com')
             ->addAllowedFrameDomain('https://player.vimeo.com')