Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: add dependabot #75

Merged
merged 1 commit into from
Jan 5, 2024
Merged

Conversation

nitrocode
Copy link
Contributor

@nitrocode nitrocode commented Dec 14, 2023

what

  • Add dependabot

why

  • The latest requests v2.31.0 resolves a CVE and this project uses an older requests in the requirements file
  • Dependabot will autopropose PRs of dependencies that it detects to help keep dependencies up to date and make the project more secure
  • Additional dependencies such as the python version of the project would be difficult to update using dependabot. For those cases, renovatebot should be evaluated.

references

@nitrocode nitrocode changed the title Add dependabot to keep dependencies up to date feat: Add dependabot to keep dependencies up to date Dec 14, 2023
Signed-off-by: nitrocode <[email protected]>
@nitrocode nitrocode changed the title feat: Add dependabot to keep dependencies up to date feat: add dependabot Dec 14, 2023
@baolsen
Copy link
Contributor

baolsen commented Jan 5, 2024

LGTM, thanks for the contribution!

@baolsen baolsen merged commit 95dbe49 into cloudandthings:main Jan 5, 2024
13 of 15 checks passed
@nitrocode nitrocode deleted the dependabot branch August 6, 2024 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add dependabot / renovatebot to keep lambda module up to date
2 participants