Comments (9)

sobolevn commented on June 23, 2024

Yes, dependabot can do it: wemake-services/wemake-django-template#749

Here's my idea:

  1. Use this method: https://github.com/dependabot/dependabot-core/blob/0549ebab2530b8287654da00ee382e72f4814c54/common/lib/dependabot/update_checkers/base.rb#L106
  2. Only allow creating MRs for security updates: next unless checker.vulnerable?
  3. Add an option DEPENDABOT_ONLY_SECURITY to make this configurable

Please report if that works for you.

from kira-dependencies.
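
The three steps proposed in the comment above, as an added Ruby example that is not part of the thread, kira-dependencies, or dependabot-core. `StubChecker`, `Advisory`, the accepted truthy values and the sample packages are hypothetical stand-ins; only `vulnerable?` and `DEPENDABOT_ONLY_SECURITY` come from the comment.

```ruby
require "rubygems" # Gem::Version / Gem::Requirement ship with Ruby

# Hypothetical advisory record; ranges use RubyGems requirement syntax.
Advisory = Struct.new(:name, :vulnerable_ranges) do
  def affects?(version)
    vulnerable_ranges.any? do |range|
      Gem::Requirement.new(*range.split(",").map(&:strip)).satisfied_by?(version)
    end
  end
end

# Hypothetical stand-in for an update checker exposing `vulnerable?`.
class StubChecker
  def initialize(name, version, advisories)
    @version = version
    @advisories = advisories.select { |a| a.name == name }
  end

  # No matching advisory or no pinned version means "not known vulnerable",
  # which is not the same as "safe".
  def vulnerable?
    return false if @advisories.empty? || @version.nil?

    v = Gem::Version.new(@version)
    @advisories.any? { |a| a.affects?(v) }
  end
end

# Step 3: opt-in switch, off unless explicitly enabled (truthy values assumed).
def only_security?(env = ENV)
  %w[1 true yes].include?(env.fetch("DEPENDABOT_ONLY_SECURITY", "").downcase)
end

# Step 2: the `next unless checker.vulnerable?` guard in the update loop.
def dependencies_to_update(deps, advisories, env = ENV)
  deps.filter_map do |name, version|
    checker = StubChecker.new(name, version, advisories)
    next if only_security?(env) && !checker.vulnerable?

    name
  end
end

# Constructed sample data (not real packages or advisories).
ADVISORIES = [Advisory.new("pkg-a", ["< 2.2.10", ">= 3.0, < 3.0.3"])].freeze
DEPS = { "pkg-a" => "3.0.1", "pkg-b" => "2.22.0", "pkg-c" => nil }.freeze

p dependencies_to_update(DEPS, ADVISORIES, { "DEPENDABOT_ONLY_SECURITY" => "true" })
```

In security-only mode the unpinned `pkg-c` is skipped along with the unaffected `pkg-b`, so a filter like this is only as complete as the advisory data and version pins the checker is given.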

lorvent commented on June 23, 2024

Thanks for the tip.
Unfortunately I have no idea of Ruby, so I have to wait till someone makes a PR for it.
Thanks.

sobolevn commented on June 23, 2024

@lorvent ok, I will do it in ~7 days.

sobolevn commented on June 23, 2024

Still no solution from my side. Sorry. Any ideas?

lorvent commented on June 23, 2024

Are we checking for deps using the dependabot API

or directly checking with packagist.org and npmjs.com?

Depending on that... we should find out, maybe.

sobolevn commented on June 23, 2024

Nope, just dependabot. Other options are out of scope of this project.

lorvent commented on June 23, 2024

But I can't find any API link for dependabot.

Can you please provide a link?

sobolevn commented on June 23, 2024

I am not quite familiar with dependabot's code base and Ruby (in fact that's my first Ruby project and I still didn't even read a tutorial), but here you go, a search reference: https://github.com/dependabot/dependabot-core/search?q=security&unscoped_q=security

lorvent commented on June 23, 2024

Hmm, let's hope someone else will make a PR for it, since they already have an option to filter by security update or not.
