Create dependabot.yml file for dependabot to create pull requests #3843
Comments
Hi @one2code, thank you for taking up this issue! Hfla appreciates you :) Do let fellow developers know about your:- You're awesome! P.S. - You may not take up another issue until this issue gets merged (or closed). Thanks again :)
Availability: 11 AM - 5 PM EST on 4/20/23, 1-4 PM EST on 4/21/23, and available to answer questions at various times between 8 PM - 4 AM between 4/21/23 - 4/23/23
Progress: Reviewed relevant documentation and began creating the config file on a new branch
Progress: Created the Dependabot.yml file based on the package managers listed in the package.json/lock file, and enabled version and security updates on my fork
Progress: The Dependabot configuration file is now being read, as determined in insights>dependency graph>dependabot. Blockers: Difficulty in testing GitHub Actions without merging (create-dependabot.yml#3843 not found). Trying to find a way to test on a different branch. Tried changing the target-branch to "/", same issue persists. The npm package manifest is also not located in root, which will have to be resolved later. Availability: Afternoon 5/10/23, evening 5/12/23, and afternoon 5/13 + 5/14 EST. ETA: 5/14/23
@one2code So it looks like we did do it correctly. It looks like GitHub no longer creates a public PR but sends an email instead. So check your emails...
Actually it did create PRs in my repo...
….com/hackforla/website into hackforla-create-dependabot.yml-hackforla#3843
…ndabot.yml-#3843 Hackforla create dependabot.yml hackforla#3843
….com/one2code/website into create-dependabot.yml-hackforla#3843
PR 4733 associated with this issue has been merged.
Overview
GH Dependabot has been enabled to issue alerts for vulnerabilities and security. Therefore we need a configuration file, dependabot.yml, to create pull requests so that we maintain up-to-date security in our repo.
Action Items
Resources/Instructions
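
Added example, not the project's actual file and not something posted in this thread: a `dependabot.yml` covering the two configuration points raised in the comments, an npm manifest that is not in the repository root and a non-default target branch. The directory path and the branch name are placeholders, since the thread does not give them.

```yaml
# Location: .github/dependabot.yml
# Dependabot reads this file from the repository's default branch, so a copy
# that exists only on a feature branch is not picked up for that repository.
version: 2
updates:
  # npm manifest that lives outside the repository root.
  - package-ecosystem: "npm"
    # "directory" is the folder containing package.json / package-lock.json,
    # written relative to the repository root.
    # Placeholder (assumption): replace with the real folder.
    directory: "/path/to/npm-manifest"
    schedule:
      interval: "weekly"
    # "target-branch" is a branch name, not a path. Omit it to open pull
    # requests against the default branch.
    # Placeholder (assumption): hypothetical branch name.
    # Caveat: once target-branch is set, this entry's settings no longer
    # apply to pull requests raised for security updates.
    target-branch: "dependabot-test"
    # Cap on simultaneously open version-update pull requests.
    open-pull-requests-limit: 5

  # Workflow files. For this ecosystem "/" makes Dependabot look in
  # .github/workflows.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```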