annotate .github/dependabot.yml @ 8356:63390dcfcfe9
bug: fix template use of structure with untrusted data
Looks like an XSS bug with an early version of the template that was
fixed in the code but never in the deployed tracker. It has been a
while since this particular construct has been in the classic template
which is the base for the tracker.
This has been fixed on the deployed tracker as well.
Reported by 4bug of ChaMd5 Security Team H1 Group.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 08 Jul 2025 10:23:09 -0400 |
| parents | 93e4ec305ed8 |
| children | (none) |
Revisions that contributed lines to this file (all by John Rouillard <rouilj@ieee.org>):

| rev | changeset | parents | description | lines |
|---|---|---|---|---|
| 7118 | 00a47d4addc9 | (none) | Add dependabot dependency scans | 1-13 |
| 7142 | b486a5848cea | 7118 | add dependabot to github actions as well. | 14-20 |
| 7516 | 93e4ec305ed8 | 7152 | Disable dependabot for docker. | 21-25 |

File contents at this revision (indentation restored to standard Dependabot YAML layout; the annotate view had flattened it):

```yaml
# To get started with Dependabot version updates, you'll need to
# specify which
# package ecosystems to update and where the package manifests are
# located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/" # Location of package manifests
    schedule:
      interval: "weekly"

  - package-ecosystem: "github-actions"
    # Workflow files stored in the
    # default location of `.github/workflows`
    directory: "/"
    schedule:
      interval: "weekly"
  # - package-ecosystem: "docker"
  #   directory: "/scripts/Docker"
  #   target-branch: "master"
  #   schedule:
  #     interval: "weekly"
```