ci: added dependabot.yml #1091 #1092

Merged
merged 3 commits into from
Apr 4, 2023
priyankarpal
Member

Description

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

It's a gh action. It will update all gh actions if an update is needed.

Checklist:

  • I have performed a self-review of my own code
  • I have commented on my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Screenshots or example output

- Added dependabot gh action 

- Solved issue #1091

vercel bot commented Apr 4, 2023

@priyankarpal is attempting to deploy a commit to a Personal Account owned by @reactplay on Vercel.

@reactplay first needs to authorize it.

@github-actions github-actions bot left a comment

Hey! contributor, thank you for opening a Pull Request 🎉.

@reactplay/maintainers will review your submission soon and give you helpful feedback. If you're interested in continuing your contributions to open source and want to be a part of a welcoming and fantastic community, we invite you to join our [ReactPlay Discord Community](https://discord.gg/vrTxWUP8Am). Show your support by starring ⭐ this repository. Thank you and we appreciate your contribution to open source! **Stale Marking** : **After 30 days of inactivity this issue/PR will be marked as stale issue/PR and it will be closed and locked in 7 days if no further activity occurs.**

@Sachin-chaurasiya
Member

Hello @priyankarpal, thanks for the PR. It would be great if you could share some examples of how it will work and what the benefits of adding this will be.

@priyankarpal
Member Author

Dependabot is a tool that helps you keep your software dependencies up-to-date by automatically checking for updates and creating pull requests to update them.

@Sachin-chaurasiya
Member

Will it also mention the vulnerabilities?

@priyankarpal
Member Author

No, this code does not check vulnerabilities directly.

This code appears to update the package ecosystem for GitHub Actions and schedule a daily update. However, it does not specify any specific tools or methods for checking vulnerabilities in the packages used in the repository or in the GitHub Actions workflow.

To check for vulnerabilities, you will need to use additional tools and services that can scan your code for known vulnerabilities in the packages you are using.
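
A configuration matching the description above (GitHub Actions ecosystem, daily schedule), as an added example. It is not the file merged in this PR, and the pull-request limit and commit prefix are assumed values:

```yaml
# .github/dependabot.yml (added illustration, not the file from this PR)
version: 2
updates:
  # Version updates for actions referenced by `uses:` in workflow files.
  - package-ecosystem: "github-actions"
    # For this ecosystem, "/" makes Dependabot look in .github/workflows.
    directory: "/"
    schedule:
      interval: "daily"
    # Assumed value: cap on simultaneously open update PRs.
    open-pull-requests-limit: 5
    # Assumed value: prefix for the commit messages Dependabot writes.
    commit-message:
      prefix: "ci"

# This file configures version updates only. Dependabot alerts and
# security updates are turned on in the repository's security settings,
# not in this file.
```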

@Sachin-chaurasiya
Member

@priyankarpal, it would be great to have some working examples.

@priyankarpal
Member Author

Dependabot will automatically create a PR if there are any updates needed. You can check the example from my project:

image

PR link: priyankarpal/projectshut#92

@Sachin-chaurasiya
Member

Thanks for sharing the example, looks good.


vercel bot commented Apr 4, 2023

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| react-play | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Apr 4, 2023 9:12am |

Member

@Sachin-chaurasiya Sachin-chaurasiya left a comment

Left a few comments, thanks

.github/dependabot.yml (outdated, resolved)
Member

@Sachin-chaurasiya Sachin-chaurasiya left a comment

Looks Good 👍

@atapas atapas merged commit b0fcb31 into reactplay:main Apr 4, 2023
@priyankarpal priyankarpal deleted the patch-1 branch April 4, 2023 13:25
Development

Successfully merging this pull request may close these issues.

✨ [Feature request]: Add dependabot gh action