Closed fingolfin closed 7 months ago
james-d-mitchell
commented
7 months ago Thanks, I also tried to add this for Digraphs I think but simply adding the file didn't seem to enable anything (certainly no PR's have been opened by dependabot), do I have to enable something else too?
fingolfin
commented
7 months ago I don't recall doing anything special for GAP, but perhaps something needs to be enabled in https://github.com/semigroups/Semigroups/settings/security_analysis ?
fingolfin
commented
7 months ago Also nothing will happen before this PR is merged
james-d-mitchell
commented
7 months ago Thanks @fingolfin, I can't see anything to turn at the link you mention. Hopefully this'll just work!
james-d-mitchell
commented
7 months ago Seems to have worked, I wonder if the difference is that this PR targets main and I merged the dependabot file into stable-1.6 of Digraphs.
fingolfin
commented
7 months ago Ah, quite likely
I've noticed warnings at e.g. https://github.com/semigroups/Semigroups/actions/runs/7628515256 node12 versus nod16 etc. etc. due to the use of the outdated
codecov/codecov-action@v2. Using Dependabot helps avoid this by ensuring GH Actions are always used in their most up-to-date version.