Closed afeld closed 5 years ago
Ha, totally forgot I pitched a 10x project around this.
Unfortunately, not seeing an API/setting to enable automated security fixes en masse. Emailed GitHub Support about it. Could maybe click through with Puppeteer in the meantime.
From GitHub Support:
You're in luck—the Enable automated security fixes and Disable automated security fixes API endpoints are currently available for developers to preview.
In addition, theÂ
enable-security-alerts-for-org.js
 script in theÂgithub/enable-security-alerts-sample
 repository can be used to enable security vulnerability alerts in all of the repositories in a given organization.
Will be going through and unarchiving ones I know to be in use, and as requested by TTS.
Proposal to make the letter a blog post: https://github.com/18F/blog-drafts/issues/743
Done! Open issues / pull requests are linked.
We need to ensure that software packages with known vulnerabilities are updated in a timely manner. In the two days since I got added as a GitHub owner yesterday, I have gotten 33 "One of your dependencies has a security vulnerability" emails from GitHub 🙀