Enable dependabot package and security updates

pact-foundation / pact-jvm

JVM version of Pact. Enables consumer driven contract testing, providing a mock service and DSL for the consumer project, and interaction playback and verification for the service provider project.

https://docs.pact.io

Apache License 2.0

1.08k stars 479 forks source link

Enable dependabot package and security updates #1656

Open mefellows opened 1 year ago

mefellows commented 1 year ago

The current dependabot configuration doesn't automatically raise PRs for Java packages, including security vulnerabilities.

See https://github.com/pact-foundation/pact-jvm/edit/master/.github/dependabot.yml

There has been no security advisories or PRs raised before either, which warrants a review.

github-actions[bot] commented 1 year ago

👋 Thanks, Jira [PACT-649] ticket created.

github-actions[bot] commented 1 year ago

👋 Thanks, this ticket has been added to the PactFlow team's backlog as PACT-650