Skip to content

chore: use dependabot to manage dependencies#2830

Merged
jawnsy merged 4 commits intocoder:mainfrom
jawnsy:jawnsy/ch8931/dependabot
Mar 12, 2021
Merged

chore: use dependabot to manage dependencies#2830
jawnsy merged 4 commits intocoder:mainfrom
jawnsy:jawnsy/ch8931/dependabot

Conversation

@jawnsy
Copy link
Copy Markdown

@jawnsy jawnsy commented Mar 6, 2021

Use dependabot to manage the dependencies defined in package.json and
GitHub Actions workflows, so that we can proactively update versions.

Outdated versions of third-party dependencies frequently have known
security vulnerabilities with CVEs.

chore: use dependabot to manage dependencies #259
f5d86aa 
Use dependabot to manage the dependencies defined in package.json and
GitHub Actions workflows, so that we can proactively update versions.

Outdated versions of third-party dependencies frequently have known
security vulnerabilities with CVEs.
@jawnsy jawnsy requested a review from a team as a code owner March 6, 2021 21:45
@shortcut-integration
Copy link
Copy Markdown

shortcut-integration bot commented Mar 6, 2021

This pull request has been linked to Clubhouse Story #8931: Enable additional dependency tracking with dependabot.

@jawnsy jawnsy changed the title chore: use dependabot to manage dependencies #259 chore: use dependabot to manage dependencies Mar 6, 2021
jsjoeio
jsjoeio suggested changes Mar 8, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@jsjoeio jsjoeio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution, @jawnsy! 🎉

In the past when I've used dependabot to manage dependencies, it tends to be pretty noisy and can be overwhelming to keep up with.

Just took a look at the Security tab of our repo and it looks like we can set a lot of this up through there, including dependabot alerts.

image

Do you know the difference between using that vs adding this in like you've done?

@jsjoeio jsjoeio mentioned this pull request Mar 8, 2021
Closed
@jsjoeio
Copy link
Copy Markdown
Contributor

jsjoeio commented Mar 9, 2021

bump @jawnsy

jsjoeio
jsjoeio suggested changes Mar 10, 2021
View reviewed changes
jawnsy
jawnsy commented Mar 10, 2021
View reviewed changes
@code-asher
Copy link
Copy Markdown
Member

code-asher commented Mar 11, 2021

I'm down to own these if that's helpful.

jsjoeio
jsjoeio previously approved these changes Mar 11, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@jsjoeio jsjoeio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@jawnsy
good luck han solo gif

@jawnsy jawnsy self-assigned this Mar 12, 2021
jawnsy
jawnsy commented Mar 12, 2021
View reviewed changes
@jawnsy jawnsy requested a review from a team March 12, 2021 19:30
@jawnsy jawnsy merged commit 7b1fe31 into coder:main Mar 12, 2021
@jawnsy jawnsy deleted the jawnsy/ch8931/dependabot branch March 12, 2021 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@code-asher code-asher code-asher left review comments

+1 more reviewer

@jsjoeio jsjoeio jsjoeio approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@jawnsy jawnsy

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jawnsy @jsjoeio @code-asher