Skip to content

chore: Create dependabot.yml to enable dependabot #317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 27, 2023
Merged

chore: Create dependabot.yml to enable dependabot #317

merged 1 commit into from
Jun 27, 2023

Conversation

hjgraca
Copy link
Contributor

@hjgraca hjgraca commented Jun 23, 2023

Please provide the issue number

Issue number: #316

Summary

Enabling dependabot for the repository. This will give us a better understanding of dependency security vulnerabilities and keep up to date with latest versions.

View alerts about dependencies that are known to contain security vulnerabilities, and choose whether to have pull requests generated automatically to update these dependencies. For more information, see "About Dependabot alerts" and "About Dependabot security updates."

Changes

Please provide a summary of what's being changed

Add dependabot.yml
Follow guide docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide#enabling-dependabot-for-your-repository

User experience

Please share what the user experience looks like before and after this change

Checklist

Please leave checklist items unchecked if they do not apply to your change.

Is this a breaking change?

RFC issue number:

Checklist:

  • Migration process documented
  • Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Disclaimer: We value your time and bandwidth. As such, any pull requests created on non-triaged issues might not be successful.

@hjgraca
Create dependabot.yml
1444a91 
Signed-off-by: Henrique Graca <[email protected]>
@auto-assign auto-assign bot requested review from amirkaws and sliedig June 23, 2023 15:06
@boring-cyborg boring-cyborg bot added github-actions Changes in GitHub workflows internal Maintenance changes labels Jun 23, 2023
@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 23, 2023
@hjgraca hjgraca linked an issue Jun 23, 2023 that may be closed by this pull request
Maintenance: Enable dependabot to repository #316
Closed
1 task
@codecov-commenter
Copy link

Codecov Report

Patch and project coverage have no change.

Comparison is base (6a46c4e) 69.08% compared to head (1444a91) 69.08%.

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

Additional details and impacted files 
@@           Coverage Diff            @@
##           develop     #317   +/-   ##
========================================
  Coverage    69.08%   69.08%           
========================================
  Files           79       79           
  Lines         3448     3448           
========================================
  Hits          2382     2382           
  Misses        1066     1066
Flag Coverage Δ
unittests 69.08% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

amirkaws
amirkaws approved these changes Jun 27, 2023
View reviewed changes
Copy link
Contributor

@amirkaws amirkaws left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hjgraca hjgraca merged commit 6298b82 into develop Jun 27, 2023
@hjgraca hjgraca deleted the hjgraca-add-dependabot branch June 27, 2023 09:05
@hjgraca hjgraca mentioned this pull request Jun 27, 2023
Merged
7 tasks
@github-actions github-actions bot added the pending-release Fix or implementation already in dev waiting to be released label Jun 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amirkaws amirkaws amirkaws approved these changes

@sliedig sliedig Awaiting requested review from sliedig

Assignees
No one assigned
Labels
github-actions Changes in GitHub workflows internal Maintenance changes pending-release Fix or implementation already in dev waiting to be released size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Maintenance: Enable dependabot to repository
3 participants
@hjgraca @codecov-commenter @amirkaws