3

How do I run the dependabot against the feature branches?

What i m trying to do is to find the vulnerabilities of the third-party packages(Not in the default branch)

Here is my dependabot.yml file configuration which is stored in the .github directory

version: 2
updates:
- package-ecosystem: npm
  directory: "/"
  schedule:
    interval: "daily"
  open-pull-requests-limit: 10
  # Only allow updates to the lockfile
  versioning-strategy: lockfile-only
  target-branch: feat/IDPDI-1441

But when I pushed still the dependabot is running against the master branch not in feature branch

Note: My application is an angular application

shamon shamsudeen
  • 5,466
  • 17
  • 64
  • 129
  • 1
    Have you tried putting your target branch in to double-quotes, like `target-branch: "feat/IDPDI-1441"` ? According to documentation it has to be in double quotes. At least it works for me like this. And you can see any log errors if you click in Github while in your project to Insights>Dependancy Graph>Dependancies>View Dependabot alerts. And from the Dependabot tab>click on the .josn file to trigger a new check. – stamstam Apr 14 '22 at 11:05
  • did you resolve this? double quotes does not work for me and it still loads from master branch – Vojtěch Jun 21 '22 at 04:38

0 Answers0