Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add dependabot for monitoring Go and GitHub Actions dependencies #19

Merged

Conversation

rdimitrov
Copy link
Contributor

The following PR adds Dependabot to the go-securesystemslib project for monitoring its Go and GitHub Actions dependencies.

It has been motivated by the recent vulnerability found in gopkg.in/yaml.v3 v3.0.0 which got flagged in go-tuf. Upon further debugging it was found to be a transitive dependency from github.com/stretchr/testify.

Signed-off-by: Radoslav Dimitrov [email protected]

@coveralls
Copy link

coveralls commented May 30, 2022

Pull Request Test Coverage Report for Build 2410117709

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 94.068%

Totals Coverage Status
Change from base Build 2409359612: 0.0%
Covered Lines: 222
Relevant Lines: 236

💛 - Coveralls

@adityasaky adityasaky merged commit ca1f07d into secure-systems-lab:main May 30, 2022
@adityasaky
Copy link
Member

Thanks, @rdimitrov!

@rdimitrov rdimitrov deleted the dimitrovr/add-dependabot branch May 30, 2022 21:00
adityasaky added a commit to adityasaky/in-toto-golang that referenced this pull request Jun 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants