Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: configure dependency update tool #15189

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

chore: configure dependency update tool #15189

wants to merge 1 commit into from
+12 −0

Conversation

lucasgonze
Copy link
Contributor

chore: configure dependency update tool

See https://github.com/magma/security/issues/144

Summary

Magma configures Dependabot using the Github UI instead of a dependabot.yml file. This prevents automated verification of secure configuration.

The change should have no developer-visible impacts.

Related issue: https://github.com/magma/security/issues/144

Test Plan

I pushed the identical change to my personal fork and left it for a week to be sure no unwanted PRs were being submitted. It worked.

Additional Information

  • This change is backwards-breaking

Security Considerations

A net improvement to security by enabling automated checking.

@pull-request-size pull-request-size bot added the size/S Denotes a PR that changes 10-29 lines. label May 1, 2023
@github-actions
Copy link
Contributor

github-actions bot commented May 1, 2023

Thanks for opening a PR! 💯

A couple initial guidelines

Howto

  • Reviews. The "Reviewers" listed for this PR are the Magma maintainers who will shepherd it.
  • Checks. All required CI checks must pass before merge.
  • Merge. Once approved and passing CI checks, use the ready2merge label to indicate the maintainers can merge your PR.

More info

Please take a moment to read through the Magma project's

If this is your first Magma PR, also consider reading

@github-actions
Copy link
Contributor

github-actions bot commented May 1, 2023

❌ The Semantic PR check ended with status failure. See instructions on formatting your commit and pull request titles.

@github-actions
Copy link
Contributor

github-actions bot commented May 1, 2023
edited
Loading

DP Lint & Test

0 tests   0 ✔️  0s ⏱️
0 suites  0 💤
0 files    0

Results for commit 9ebacd8.

♻️ This comment has been updated with latest results.

@github-actions
Copy link
Contributor

github-actions bot commented May 1, 2023
edited
Loading

Oops! Looks like you failed the PR Check DCO. Be sure to sign all your commits.

Howto

♻️ Updated: ✅ The check is passing the PR Check DCO after the last commit.

@lucasgonze
Configure Dependency-Update-Tool to improve score on OpenSSF Security…
9ebacd8 
… Scorecard. magma/security#144

Signed-off-by: Lucas Gonze <lucas@gonze.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size/S Denotes a PR that changes 10-29 lines.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@lucasgonze