| Author | Commit | Message | Date |
|---|---|---|---|
| Ryan Barrett | 7e8ec559e2 | dependabot auto-merge workflow: message when we skip major versions | 2022-04-25 11:49:10 -07:00 |
| Ryan Barrett | 4dfcdd22da | add dependency review GitHub Action, prevents merging dependencies w/vulnerabilities<br>https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-dependency-review<br>https://github.com/actions/dependency-review-action#installation= | 2022-04-17 17:47:39 -07:00 |
| Ryan Barrett | 4ddf717344 | add CI workflow to auto-merge dependency upgrades<br>...only patch and minor versions, and only if CI passes.<br>https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request | 2022-03-24 11:19:39 -07:00 |
| Ryan Barrett | eddc41f020 | switch dependabot from weekly to daily | 2022-03-04 06:53:48 -08:00 |
| Ryan Barrett | 6fb58a6918 | add dependabot, codeql analysis actions | 2021-12-12 12:30:56 -08:00 |