-
There are four dependabot alerts; `nth-check`, `postcss`, `@eslint/plugin-kit`, and `cross-spawn`.
I will update these to the latest versions.
-
We're currently using dependabot to auto update our deps, but dependabot only currently detects the main manifest in the project root. It would be amicable if we could adjust it so that also sub crate…
-
Look into activating dependabot on this repository for code security and automatic dependency management
-
Configure Dependabot for monthly bumps of the node dependencies.
-
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
Setup for both python, docker and studio
-
Reflex allows to specify npm deps via `library` and `lib_dependencies` string attributes of a Component.
Renovate and Dependabot will not parse such versions without additional plugins or configura…
-
Things we don't like about dependabot:
* It can't create grouped pull requests (I think it would make sense to just get one pr per week per eco system)
* There is no (easy to find) way to prevent …
-
Since about a month ago, dependabot PR doesn't trigger CI anymore.
We need to manually do a merge commit so that it triggers. It isn't blocking but slightly annoying.
-
Saw that the Dependabot PRs get added to the Backlog of the project along with everything else (naturally).
If they are not interacted with from there (?), the [add-to-project](https://github.com/a…
-
**Describe the bug**
We use the same user account to make PRs between the dependabot pipeline and another automated pipeline. Dependabot will treat the PRs generated by the other pipeline as unnecess…