✨ Mention renovatebot's settings #1575

Merged
merged 4 commits into from
Jan 31, 2022

laurentsimon
Contributor

Explicitly say that renovatebot can help migrate from version pinning to hash pinning via a setting.
See dependabot/dependabot-core#3699 (comment)

@laurentsimon laurentsimon requested a review from olivekl as a code owner January 31, 2022 19:28
@laurentsimon laurentsimon enabled auto-merge (squash) January 31, 2022 19:28
@laurentsimon laurentsimon temporarily deployed to integration-test January 31, 2022 19:28 Inactive
@laurentsimon laurentsimon temporarily deployed to integration-test January 31, 2022 19:29 Inactive
@github-actions

Integration tests success for [27d125a](https://github.com/ossf/scorecard/actions/runs/1774508844)

@github-actions

Integration tests success for [d28df6e](https://github.com/ossf/scorecard/actions/runs/1774505189)

Member

@naveensrinivasan naveensrinivasan left a comment

Thank you!

@naveensrinivasan naveensrinivasan temporarily deployed to integration-test January 31, 2022 22:22 Inactive
@github-actions

Integration tests success for [b3a64b8](https://github.com/ossf/scorecard/actions/runs/1775215169)

@@ -78,6 +78,10 @@ checks:
be enabled for forks where security updates have ever been turned on so projects
maintaining stable forks should evaluate whether this behavior is satisfactory
before turning it on.
- >-
Unlike dependabot, renovatebot has support to migrate dockerfiles' dependencies from version pinning to hash pinning
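
Review bot: the added list item (the line beginning "Unlike dependabot, renovatebot has support to migrate") ends at "hash pinning" in the lines shown without naming the renovatebot setting that turns the migration on, so a maintainer reading the remediation text cannot act on it directly. Name the setting in the same sentence or link to its documentation. Also prefer "Dockerfile dependencies" over "dockerfiles' dependencies", since the possessive plural reads awkwardly and Dockerfile is normally capitalized.
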
Contributor

Nit: might come across as if we are putting down dependabot. Consider changing to:

Renovatebot supports migrating Dockerfile dependencies from ...

Contributor

I thought conversation resolution before merging should stop this PR from being merged, lol.

Contributor Author

It should have!

@laurentsimon laurentsimon merged commit cbbfebb into ossf:main Jan 31, 2022