-
-
Notifications
You must be signed in to change notification settings - Fork 836
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ci: added dependabot.yml #1091 #1092
Conversation
- Added dependabot gh action - Solved issue #1091
@priyankarpal is attempting to deploy a commit to a Personal Account owned by @reactplay on Vercel. @reactplay first needs to authorize it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey! contributor, thank you for opening a Pull Request 🎉.
@reactplay/maintainers will review your submission soon and give you helpful feedback. If you're interested in continuing your contributions to open source and want to be a part of a welcoming and fantastic community, we invite you to join our [ReactPlay Discord Community](https://discord.gg/vrTxWUP8Am). Show your support by starring ⭐ this repository. Thank you and we appreciate your contribution to open source! **Stale Marking** : **After 30 days of inactivity this issue/PR will be marked as stale issue/PR and it will be closed and locked in 7 days if no further activity occurs.**
Hello @priyankarpal , Thanks for the PR, It would be great if you share some examples of how it will be working and what will be the benefits of adding this. |
Dependabot is a tool that helps you keep your software dependencies up-to-date by automatically checking for updates and creating pull requests to update them. |
Will it also mention the vulnerabilities? |
No, this code does not check vulnerabilities directly. This code appears to update the package ecosystem for GitHub Actions and schedule a daily update. However, it does not specify any specific tools or methods for checking vulnerabilities in the packages used in the repository or in the GitHub Actions workflow. To check for vulnerabilities, you will need to use additional tools and services that can scan your code for known vulnerabilities in the packages you are using. |
@priyankarpal , It would be great to have some working examples. |
Dependabot will automatically create a PR if there are any updates needed. You can check the example of my project PR link: priyankarpal/projectshut#92 |
Thanks for sharing the example, looks good. |
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Left a few comments, thanks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks Good 👍
Description
Added dependabot gh action
Fixes ✨ [Feature request]: Add dependabot gh action #1091
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
It's a gh action. It will update all gh actions if an update is needed.
Checklist:
Screenshots or example output