forked from dependabot/demo
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
fb43a2a
commit 33b8fa8
Showing
1 changed file
with
30 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,39 @@ | ||
<h1 align="center"> | ||
<div align="center"> | ||
<picture> | ||
<source media="(prefers-color-scheme: light)" srcset="https://user-images.githubusercontent.com/7659/174594540-5e29e523-396a-465b-9a6e-6cab5b15a568.svg"> | ||
<source media="(prefers-color-scheme: dark)" srcset="https://user-images.githubusercontent.com/7659/174594559-0b3ddaa7-e75b-4f10-9dee-b51431a9fd4c.svg"> | ||
<img src="https://user-images.githubusercontent.com/7659/174594540-5e29e523-396a-465b-9a6e-6cab5b15a568.svg" alt="Dependabot" width="336"> | ||
</picture> | ||
</h1> | ||
</div> | ||
|
||
# Dependabot Demo Repository | ||
## Dependabot Demo Repository | ||
|
||
This repo contains some projects with outdated dependencies. Fork it to try out | ||
Dependabot :dependabot:! | ||
|
||
### Enabling Security Updates | ||
|
||
- In your fork, click the **Settings** tab | ||
- In the left hand side navigation, click **Code security and analysis** | ||
- Enable **Dependabot security updates** or **Grouped security updates** | ||
- Dependabot will now start creating PRs for detected security vulnerabilities | ||
- Go into the **Security** tab and click **Dependabot** in the left hand side navigation to see what Dependabot is working on | ||
|
||
<img width="929" alt="screenshot showing Dependabot working on Security Updates" src="https://github.com/dependabot/demo/assets/886768/9295c61a-631b-4c56-9c00-ff078874f362"> | ||
|
||
After about 5 minutes you should see some PRs open. Merge them and the Securty Alerts will close 🎉 | ||
|
||
### Enabling Version Updates | ||
|
||
This demo includes a `dependabot.yml` which configures [Version Updates](https://docs.github.com/github/administering-a-repository/keeping-your-dependencies-updated-automatically), but forks don't automatically start with Dependabot enabled. | ||
|
||
The enable Dependabot on your fork: | ||
- Click the **Insights** tab | ||
- In the left hand side navigation, click **Dependency Graph** | ||
- Click on the **Dependabot** tab | ||
- Click on the **Enable Dependabot** button | ||
- After a moment, refresh the page and you should see Dependabot hard at work | ||
|
||
<img width="917" alt="screenshot showing Dependabot working on Version Updates" src="https://github.com/dependabot/demo/assets/886768/4adf5727-255a-4ae1-97f7-70e94dc1134b"> | ||
|
||
After a few minutes, you should get some more PRs! |