Questions tagged [dependabot]

Dependabot creates pull requests to keep your dependencies secure and up-to-date.

140 questions
0 votes, 1 answer

Can I set up Dependabot to use ProGet

Hopefully straightforward but strangely haven't been able to find the answer through a search. We are looking at setting up Dependabot through GitHub to update dependencies for us. We use C# primarily & have libs in both NuGet & our own instance of…
onesixtyfourth
0 votes, 0 answers

Dependabot confluent dependencies

My project has a dependency on org.apache.kafka:kafka-clients library. The latest version is 7.3.1-ccs, but Dependabot keeps creating PRs to update it to 7.3.1-ce, whose license is not friendly. Any way to configure Dependabot to ignore versions…
AmsterdamLuis
0 votes, 1 answer

Dependabot.yml security updates for GitHub Actions

I am trying to configure dependabot.yml to get security updates for GitHub Actions. I followed the Configuring Dependabot security updates documentation. During the configuration I had the following issues: I did not understand if I need to enable…
0 votes, 0 answers

Use Dependabot to check Dependencies in Bash scripts and Dockerfiles

I would like some notifications from Dependabot when new versions are available. These are my two scenarios: #1 I'm starting a docker container in a bash script like this. local DOCKER_IMAGE="hashicorp/terraform:1.3.6" docker run --rm \ --volume…
0 votes, 2 answers

How to NOT run a GitHub Action when a specific label is set?

I have a GitHub Action workflow that runs to deploy a preview of a react-native expo app always when a Pull Request is opened. However, I do not want it to run when the dependabot opens a Pull Request. How can I filter the dependabot Pull Requests?…
0 votes, 1 answer

Is there any way to update a certain git submodule by dependabot?

There are many git submodules under the contrib directory of my repo. I want to configure my Dependabot to only update contrib/proxy. How can I do this? According to this doc, I find a directory config item. However, seems this must be equal to…
calvin
0 votes, 0 answers

Is Dependabot from GitHub legally a co-author of my code?

I have a private repository and I want to keep it like that, I want to use the code commercially. I noticed that when I merge a Dependabot fix, it appears as the author of the source code change. Is this giving GitHub/Microsoft the co-authoring of…
jordiburgos
0 votes, 0 answers

Update Dependabot's pull request with version increment for other files for an Eclipse plug-in project

I use Dependabot with Maven environment to receive pull requests on pom.xml files for version upgrades on all dependencies. However, for an Eclipse plug-in project, more files need update: MANIFEST.MF, build.properties. How do I configure…
Sybuser
0 votes, 0 answers

How do I configure Dependabot in an Eclipse plugin project so that not only the pom.xml is updated but also MANIFEST.MF and build.properties?

I've been using Dependabot with GitHub with some degree of success on typical Maven projects, as it sends correct pull requests updating the versions of the dependencies in the pom.xml. On an Eclipse plugin project however, the dependencies and…
Sybuser
0 votes, 1 answer

How do I add multiple authenticated feeds to Dependabot?

I have a project that uses two authenticated NuGet feeds in Azure DevOps and I'm trying to integrate Dependabot into it. As the feeds are in Azure DevOps naturally I need to authenticate them with an access token which I know how to do with a single…
Inverted Llama
0 votes, 0 answers

GitHub Dependabot Applies PRs to Wrong Branch

In my .github directory in my repo I have the following dependabot.yml file. version: 2 updates: - package-ecosystem: 'github-actions' target-branch: 'develop' directory: '/' schedule: interval: 'weekly' day: 'saturday' …
secondman
0 votes, 1 answer

Dependabot failing to upgrade Ruby dependency

I have Dependabot integrated into a GitHub repo that I control. I've noticed that Dependabot is no longer opening PRs for outdated dependencies, such as rubocop and rubocop-rspec. I have an open ticket in the dependabot-core repo that describes the…
dug
0 votes, 1 answer

Dependabot ignoring default branch and opening some PRs against master

We have the following dependabot.yml config:- version: 2 updates: - package-ecosystem: "bundler" directory: "/app" target-branch: "develop" schedule: interval: "daily" Around 60% of the PRs that dependabot opens however, are…
s89_
0 votes, 1 answer

Auto merge dependabot PR after all checks have passed

I want to auto-merge Dependabot PR once all checks (or workflows) on Dependabot PR have been passed. Currently, I am using this logic to trigger auto-merge action: on: workflow_run: workflows: ["Lint and Unit tests"] types: -…
user16578778
0 votes, 1 answer

Dependabot configuration: allow property not allowing updates of dependencies as expected

I am trying to customize which dependencies are updated using the allow property of Dependabot's configuration YAML. Research: allow I see that the allow property is preventing update of the dependencies instead of allowing update. Also, an allow…
SriA