search

Boavizta / boaviztapi

🛠 Giving access to BOAVIZTA reference data and methodologies trough a RESTful API
GNU Affero General Public License v3.0
69 stars 23 forks source link

Improve our security posture by allowing dependabot to open PR #302

Open demeringo opened 2 hours ago

demeringo commented 2 hours ago

Problem

On this repository, dependabot is configured to rise security alerts on dependencies (See https://github.com/Boavizta/boaviztapi/security/dependabot), but the job to create and test the related PR remains manual.

Solution

  1. Configure the test workflow to run on any PR (see #301)
  2. Configure dependabot to automatically open PR about dependencies updates.

Alternatives

Additional context or elements

da-ekchajzer commented 2 hours ago

Great idea