urbanplatform / django-keycloak-auth

Middleware to allow authorization using Keycloak and Django for django-rest-framework (DRF). This package should only be used in projects starting from scratch, since it overrides the users' management.
MIT License

Enable dependabot #42

Closed moritz89 closed 1 year ago

moritz89 commented 1 year ago

Is your feature request related to a problem? Please describe.
Provides an automated vulnerability report and MRs to fix vulnerable dependencies

Describe the solution you'd like
Enable GitHub's dependabot in the settings

Describe alternatives you've considered
Integrating safety check in the GitHub actions

uw-rvitorino commented 1 year ago

What would we need to add in the configuration file, any thoughts? I haven't done it before, tbh, and this is what appears when I enable dependabot in the repo; I don't know if it/what is enough:

# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"

moritz89 commented 1 year ago

package-ecosystem: pip

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem

That's all, I think. For my repo I did not have to add it manually, only enabled it in the settings :man_shrugging:
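
Combining the generated template with the `pip` value from the reply above gives the file below. This is an added example, not part of the thread and not the repository's actual configuration; it assumes the Python manifest sits at the repository root.

```yaml
# .github/dependabot.yml
# Constructed example: the template quoted in the thread with its empty
# package-ecosystem filled in. This file drives Dependabot *version* updates;
# Dependabot alerts and security updates are enabled in the repository
# settings and do not need this file.

version: 2
updates:
  - package-ecosystem: "pip"   # value given in the reply above
    directory: "/"             # assumption: the Python manifest is at the repo root
    schedule:
      interval: "weekly"       # unchanged from the generated template
```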

uw-rvitorino commented 1 year ago

I believe it's done, please confirm!

moritz89 commented 1 year ago

Looks good! https://github.com/urbanplatform/django-keycloak-auth/network/updates --> Dependabot