Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated dependabot to GitHub actions #13565

Merged
merged 1 commit into from
Mar 28, 2022
Merged

Updated dependabot to GitHub actions #13565

merged 1 commit into from
Mar 28, 2022

Conversation

naveensrinivasan
Copy link
Contributor

@naveensrinivasan naveensrinivasan commented Mar 19, 2022
edited by rhatdan
Loading

  • Updated dependabot to get updates for GitHub actions.

GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository
as well as when there are new updates to the dependency.

https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts

A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.

When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it.

Signed-off-by: naveensrinivasan [email protected]

@baude
Copy link
Member

baude commented Mar 19, 2022

I am not familiar with what this does. Do you think you could improve the commit message to inform us why this important? What is the need?

@naveensrinivasan
Updated dependabot to GitHub actions
4408db3 
- Updated dependabot to get updates for GitHub actions.

GitHub sends Dependabot alerts when we detect vulnerabilities affecting your repository
as well as when there are new updates to the dependency.

https://docs.github.com/en/code-security/dependabot/dependabot-alerts/about-dependabot-alerts

A vulnerability is a problem in a project's code that could be exploited to damage the confidentiality, integrity, or availability of the project or other projects that use its code. Vulnerabilities vary in type, severity, and method of attack.

When your code depends on a package that has a security vulnerability, this vulnerable dependency can cause a range of problems for your project or the people who use it.

Signed-off-by: naveensrinivasan <[email protected]>
@naveensrinivasan naveensrinivasan force-pushed the naveen/feat/dependabot-update branch from d62bf39 to 4408db3 Compare March 19, 2022 03:21
@naveensrinivasan
Copy link
Contributor Author

I am not familiar with what this does. Do you think you could improve the commit message to inform us why this important? What is the need?

I update the commit to include some relevant information on dependabot and why it is critical for getting updates on dependency which was missing on GitHub actions.

Let me know if you need anything more.

@naveensrinivasan
Copy link
Contributor Author

I am not familiar with what this does. Do you think you could improve the commit message to inform us why this important? What is the need?

@baude A friendly reminder.

@naveensrinivasan
Copy link
Contributor Author

@cevich Would you be able to help with this PR?

@baude
Copy link
Member

baude commented Mar 28, 2022

/approve

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Mar 28, 2022

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: baude, naveensrinivasan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 28, 2022
@baude
Copy link
Member

baude commented Mar 28, 2022

LGTM

@rhatdan
Copy link
Member

rhatdan commented Mar 28, 2022

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Mar 28, 2022
@openshift-merge-robot openshift-merge-robot merged commit c750305 into containers:main Mar 28, 2022
@naveensrinivasan naveensrinivasan deleted the naveen/feat/dependabot-update branch March 28, 2022 20:32
@naveensrinivasan naveensrinivasan mentioned this pull request Mar 28, 2022
Merged
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@naveensrinivasan @baude @rhatdan @openshift-merge-robot