-
Notifications
You must be signed in to change notification settings - Fork 508
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ Mention renovatebot's settings #1575
Conversation
docs/checks.md: updated
Integration tests success for |
Integration tests success for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
Integration tests success for |
@@ -78,6 +78,10 @@ checks: | |||
be enabled for forks where security updates have ever been turned on so projects | |||
maintaining stable forks should evaluate whether this behavior is satisfactory | |||
before turning it on. | |||
- >- | |||
Unlike dependabot, renovatebot has support to migrate dockerfiles' dependencies from version pinning to hash pinning |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: might come across as if we are putting down dependabot. Consider changing to:
Renovatebot supports migrating Dockerfile dependencies from ...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought conversation resolution before merging
should stop this PR from being merged, lol.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it should have!
Explicitly say that renovatebot can help migrate from version pinning to hash pinning via a setting.
See dependabot/dependabot-core#3699 (comment)