Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable dependabot to get security updates #3306

Open
wants to merge 1 commit into
base: dev
Choose a base branch
from
Open

Enable dependabot to get security updates #3306

wants to merge 1 commit into from

Conversation

neilnaveen
Copy link

https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically

Having knowledge about vulnerabilities of the dependencies helps the project owners decide on their
dependencies security posture to make decisions.

If the project decides to get updates only on security updates and not on any version updates then
setting these options would not open any PR 's open-pull-requests-limit: 0

@neilnaveen
Enable dependabot to get security updates
9deadc7 
https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically

Having knowledge about vulnerabilities of the dependencies helps the project owners decide on their
dependencies security posture to make decisions.

If the project decides to get updates only on security updates and not on any version updates then
setting these options would not open any PR 's open-pull-requests-limit: 0
@vizipi
Copy link

vizipi bot commented Oct 11, 2021

Pull request analysis by VIZIPI

Below you will find who is the most qualified team member to review your code.
This analysis includes his/her work on the code included in this Pull request, in addition to their experience in code affected by these changes ( partly found within the list of potential missing files below )   Feedback always welcome

No other active qualified developers found to review these specific changes. You might consider involving more team members with these code segments.

Potential missing files from this Pull request

No files found with a 40% threashold :)
No commonly committed files found with a 40% threashold

Committed file ranks

(click to expand)
  • 0.00%[.github/dependabot.yml]

    • @codecov
    Copy link

    codecov bot commented Oct 11, 2021
    edited
    Loading

    Codecov Report

    Merging #3306 (9deadc7) into dev (91eed51) will not change coverage.
    The diff coverage is n/a.

    Impacted file tree graph

    @@           Coverage Diff           @@
##              dev    #3306   +/-   ##
=======================================
  Coverage   92.95%   92.95%           
=======================================
  Files         610      610           
  Lines       22981    22981           
  Branches     1878     1878           
=======================================
  Hits        21363    21363           
  Misses       1446     1446           
  Partials      172      172

    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Reviewers
    No reviews
    Assignees
    No one assigned
    Labels
    None yet
    Projects
    None yet
    Milestone
    No milestone
    Development

    Successfully merging this pull request may close these issues.
    1 participant
    @neilnaveen