Closed moritz89 closed 1 year ago
What would we need to add in the configuration file, any thoughts? I haven't done it before, tbh, and this is what appears when I enable dependabot in the repo, I don't know if it/what is enough:
```yaml
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
  - package-ecosystem: "" # See documentation for possible values
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"
```
`package-ecosystem: pip`
That's all, I think. For my repo I did not have to add it manually, only enabled it in the settings :man_shrugging:
I believe it's done, please confirm!
Looks good! https://github.com/urbanplatform/django-keycloak-auth/network/updates --> Dependabot
**Is your feature request related to a problem? Please describe.**
Provides an automated vulnerability report and MRs to fix vulnerable dependencies

**Describe the solution you'd like**
Enable GitHub's Dependabot in the settings

**Describe alternatives you've considered**
Integrating `safety` check in the GitHub Actions