Dependabot creates pull requests to keep your dependencies secure and up-to-date.
Questions tagged [dependabot]
140 questions
2
votes
1 answer
Wait for all other actions on a PR to complete before continuing
I essentially want all other workflows to complete before continuing and action. I'm running the workflow which requires all others to be done on a PR, and I'm using it for a dependabot automerge workflow.
I've tried Wait for Check but it only works…

Roach The Bug
2
votes
2 answers
Azure devops NPM Authentication in dependabot.yml
I currently have the following pipeline working:
schedules:
- cron: "0 20 * * FRI"
  displayName: 'Weekly Run'
  always: true
  branches:
    include:
    - 'develop'
trigger: none
variables:
  DEPENDABOT_EXTRA_CREDENTIALS:…

Dodd-learning
2
votes
1 answer
Dependabot not adding Team as reviewer
I have implemented dependabot in my org repo.
Dependabot is creating pull requests all fine. But it's not adding any team reviewers, there are no error logs on PR or in Dependency graph> dependabot.
My yml config:-
version: 2
updates:
  # Maintain…

Nandan Raj
2
votes
1 answer
Dependabot for submodules with different intervals
We would like to have dependabot update our submodules in different intervals. For example, google test has new commits almost every day but we probably won't need them immediately, so updating once a month is enough and we won't get spammed by…

Dezi
2
votes
2 answers
How to see dependabot alerts only for the current branch?
I have a repository which uses ReactJS and has 39 vulnerabilities (all of them are in yarn.lock file) when I am on the master branch. Dev branch and a few other branches are many more commits ahead of this master and there are a ton more…

C Puneeth
2
votes
0 answers
How to configure github native dependabot to use nexus repository for project updates
I'm trying to configure a dependabot.yml for automatic updates for github native dependabot without success. Every attempt to access Nexus, I get an error of authentication, although the username and password are properly configured on dependabot…

Maria Eloísa Costa
2
votes
1 answer
dependabot conflict with package.lock rebase or recreate doesn't work
@dependabot created a PR for updating one library and the PR has a conflict, I need to rebase or recreate it.
Trying to comment in @dependabot rebase or @dependabot recreate, doesn't resolve the conflict as would get updated package.lock and auto…

Roger Oliveira
2
votes
0 answers
Dependabot generating PRs daily even when I set trigger to manually
I have created dependabot.yml file with schedule set to “weekly” and day set to “saturday”.
But when I merge the existing PRs created by dependabot, it again creates a new one as soon as some of them are closed.
It does not wait for Saturday.
Any…

Shikhar Singh
2
votes
0 answers
Dependabot version 2 and Github Package
Before I used Dependabot Preview.
Days ago, I migrated to the new version of Dependabot Native, however, now it is not accessing Github Packages and so, the packages that I have as git modules (it used to work out of the box with Dependabot…

Peter
2
votes
0 answers
Dependabot failed to update your dependencies because there was an error parsing the package.json found at /package.json
I have the Dependabot GitHub action enabled in my React Native app's repository but for some reason, it won't automatically update. I have 2 dependencies that won't:
xmldon 0.5.0 and node-fetch 2.6.1
I keep getting this error when I try to Create…

K-Dot
2
votes
1 answer
Update dependencies in NPM to resolve vulnerability
My repo on GitHub shows the following alert:
Dependabot cannot update ssri to a non-vulnerable version. The latest possible version that can be installed is 6.0.1 because of the following conflicting dependencies:
terser-webpack-plugin@2.3.8…

thienDX
2
votes
0 answers
Ignore webpack-cli v4 from dependabot updates and keep v3.x
Due to private packages, I am still using Dependabot v1. Below is my javascript (yarn) config.
version: 1
update_configs:
  - package_manager: 'javascript'
    directory: '/'
    update_schedule: 'daily'
    version_requirement_updates:…

Dennis
2
votes
0 answers
Autoupdate package.json version with Dependabot
So when Dependabot runs and creates a PR with a library update, it updates the library version in the package.json and package-lock.json, but is there any config that I could be missing, that in every PR of the dependabot update the package.json…

Diego
1
vote
2 answers
Is there a way to integrate Dependabot with sbt for dependency updates?
I have Spark jobs, and I use the Scala build tool build.sbt for dependency management and creating the jar file, and I have CI and a GitHub action already configured.
Now I am trying to use dependabot to generate and create PRs for sbt dependencies…

MuGh
1
vote
0 answers
Dependabot can't update bundler dependency files that reference private git repositories
I'm trying to follow what GitHub suggests regarding setting up private bundler repositories for dependabot, but for some reason it just doesn't work for me. Here is what I did:
Created a PAT with access to all my repositories
Saved it as…

mbajur