| Commit message (Collapse) | Author | Age |
|
Followup to https://github.com/openshift/release/pull/28686
in which we ask openshift-ci-bot to enforce a release-note
label on new PRs.
Dependabot PRs do not need release notes. Add a config setting
(copied from cri-o) that tells dependabot to set release-note-none
on new PRs.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
dependabot should update our test dependencies as well.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
- Updated dependabot to get updates for GitHub actions.
GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository
as well as when there are new updates to the dependency.
https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts
A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.
When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it.
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
|
While dependabot has turned out great to automate updating dependencies,
a major pain point was that we had to manually run `make vendor` for each
and every commit. It was causing noise.
Adding the config file to `.github/dependabot.yml` will take care of also
updating the `./vendor` tree. `containers/common` has been using this config
successfully for a while.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>