Questions tagged [dependabot]

Dependabot creates pull requests to keep your dependencies secure and up-to-date.

140 questions
1 vote, 1 answer

Using setup.cfg to declare dependencies for GitHub's Dependabot

In this Python packaging tutorial it is recommended to use setup.cfg over setup.py to declare dependencies. However, on GitHub under "Dependency graph", it is written that only dependencies declared under setup.py or pyproject.toml are…
Jimmy2027
1 vote, 1 answer

How to get a list of all vulnerability alerts in a GitHub organisation?

I'd like to get an overview, for example of all the critical vulnerabilities I have access to view in a GitHub organization. This answer has allowed me to get a list for a specific repository: { repository(name: "repo-name", owner: "repo-owner")…
pzrq
1 vote, 1 answer

Dependabot for updating Go dependencies which track commits

I'm trying to use Dependabot to auto-update a private Go repository. My current dependabot.yml looks like this: version: 2 updates: - package-ecosystem: 'gomod' directory: '/' schedule: interval: 'daily' allow: -…
vkainth
1 vote, 0 answers

Dependabot NuGet pull request

I have an API where I want NuGet packages to update from my own feed, but when I get to this UpdateCheckers setting it shows me update_not_possible. The project is hosted on Azure, just like the NuGet feed. When the build is executed, it only…
stevencap3
1 vote, 1 answer

Is it possible to allow Dependabot on GitHub to automatically "bump" software to a new version?

Please help this learner out: I get frequent GitHub Dependabot alerts for "bumping" software versions to a more current one. My issue is I have to go into each (in my case, Django) app to pull or merge files. It is tedious and time consuming to deal…
YCode
1 vote, 0 answers

How does Dependabot find CHANGELOG files to be displayed in the PR?

I want to display the contents of a CHANGELOG.md file (which is included in the NuGet package I publish) in the PR created by Dependabot. Example of such behavior for the FluentValidation package: I can't figure out how to do that. Additionally, I have…
Artur Krajewski
1 vote, 0 answers

Is it possible to get Dependabot statistics for a whole GitHub organisation?
Daniel Gartmann
1 vote, 2 answers

Error upgrading dependencies in yarn.lock file with yarn up in Yarn 2.0

I'm trying to use Yarn 2.0 to upgrade to the latest version of the dependency in my yarn.lock to resolve a Dependabot issue. The issue exists with the ini dependency and I tried running the command yarn up ini, which resulted in the following error: ❯…
AMP_035
1 vote, 1 answer

Can't resolve GitHub Dependabot alert

I got this security notification: Remediation Upgrade node-fetch to version 2.6.1 or later. For example: node-fetch@^2.6.1: version "2.6.1" But this error has occurred: Dependabot cannot create a pull request as one or more other dependencies…
Sh031224
1 vote, 2 answers

GitHub Dependabot v2 update on push

So I'm using GitHub Dependabot v2 and have this config: version: 2 updates: - package-ecosystem: npm directory: "/" schedule: interval: daily open-pull-requests-limit: 100 allow: - dependency-type: all I want it to…
user13050631
1 vote, 1 answer

What is the search filter to see all open pull requests across all of your GitHub repositories?

It can be useful to see all open pull requests in all repositories that one owns, not only the ones which one authored (which is prominently documented on the search bar). An example: I have activated automated security updates for dozens of…
Trevor Reid
0 votes, 1 answer

Contradiction between doc and schema for Dependabot with pnpm

When configuring Dependabot to use pnpm as package ecosystem, the documentation states that it is currently supported. Though, I get an error in my editor because it does not exist in the schema. What is going on? Also, Dependabot doesn't seem to…
Benjamin
0 votes, 0 answers

Dependabot is not completely updating package-lock.json

I'm using Dependabot to update npm packages in a project. Dependabot seems to be working okay. However, I've noticed that regenerating my package-lock.json file every few weeks produces many package updates. By "regenerate", I mean deleting…
Johnny Metz
0 votes, 1 answer

GitHub repository secret in workflow for automating dependency auto-merge

Trying to automate merges of Dependabot PRs in GitHub and wrote the workflow as in this guide, https://github.com/marketplace/actions/dependabot-auto-merge, except for the token name. As a token I have created a personal access token and then added…
0 votes, 0 answers

Dependabot not finding csproj in .NET project

I tried using GitHub's Dependabot feature to automatically update NuGet dependencies for my project, but it gives me a dependency_file_not_found. Dependabot log: proxy | 2023/08/09 17:40:12 proxy starting, commit:…