-
I wonder if it might be useful to configure dependabot to differentiate between production and dev dependencies; and have them operate on different timelines.
I'm currently subscribed to all notifi…
-
**Fleet version**: `4.58.0`
### 💥 Actual behavior
There are two high severity vulnerability reports:
1. https://github.com/fleetdm/fleet/security/dependabot/268
2. https://github.com…
-
Bumps [danielpalme/ReportGenerator-GitHub-Action](https://github.com/danielpalme/reportgenerator-github-action) from 5.2.2 to 5.2.3.
Release notes
Sourced from danielpalme/ReportGenerator-GitHub-Acti…
-
We have been slacking a lot on updating our dependent library packages/libraries, so I have been working on this with the help of dependabot. Also, I have added cargo packages as the target to be upda…
-
Dependabot can't parse your dotnet-build-and-test.yml. Because of this, Dependabot cannot update this pull request.
_Originally posted by @dependabot in https://github.com/Bryan-Roe/semantic-kernel/p…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Feature description
Now that [uv has a lockfile](https://docs.astral.sh/uv/concepts/projects/#lockfile), it wo…
-
Dependabot can't parse your pyproject.toml. Because of this, Dependabot cannot update this pull request.
_Originally posted by @dependabot in https://github.com/Bryan-Roe/semantic-kernel/pull/55#issu…
-
PR generowane przez dependabota często mają problem z codecov
niby token jest pusty ale to niemożliwe
problem pojawia sie chyba tylko jak PR tworzy dependabot i nie zawsze
może nie da sie pobierać …
-
Discuss how to keep up with Dependabot's recommendations around package updates, when versions are pinned.
We need to understand when it is safe to allow merges of Dependabot PRs, without breaking the…
-
### Is there an existing issue for this?
- [X] I have searched the existing issues
### Package ecosystem
nuget
### Package manager version
_No response_
### Language version
_No r…