Skip to content

Upgrade to GitHub-native Dependabot #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Upgrade to GitHub-native Dependabot #120

wants to merge 1 commit into from

Conversation

@dependabot-preview
Copy link
Contributor

@dependabot-preview dependabot-preview bot commented Apr 29, 2021

Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then.

Dependabot has been fully integrated into GitHub, so you no longer have to install and manage a separate app. This pull request migrates your configuration from Dependabot.com to a config file, using the new syntax. When merged, we'll swap out dependabot-preview (me) for a new dependabot app, and you'll be all set!

With this change, you'll now use the Dependabot page in GitHub, rather than the Dependabot dashboard, to monitor your version updates, and you'll configure Dependabot through the new config file rather than a UI.

If you've got any questions or feedback for us, please let us know by creating an issue in the dependabot/dependabot-core repository.

Learn more about migrating to GitHub-native Dependabot

Please note that regular @dependabot commands do not work on this pull request.

@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Apr 29, 2021
rbialon
rbialon requested changes Apr 30, 2021
View reviewed changes
Copy link
Collaborator

@rbialon rbialon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The automatically generated depenedabot config seems a bit odd because it incudes dependencies' versions previously not approved in PRs to be ignored. I suggest we remove the ignore part

.github/dependabot.yml
Comment on lines +8 to +18
ignore:
- dependency-name: defusedxml
versions:
- 0.7.0
- dependency-name: django
versions:
- 3.1.5
- 3.1.6
- dependency-name: django-markdownify
versions:
- 0.8.2
Copy link
Collaborator

@rbialon rbialon Apr 30, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove these ignored versions so that dependabot checks every version again. This possibly leads to duplicate PRs, but no version is left out.

Suggested change
ignore:
- dependency-name: defusedxml
versions:
- 0.7.0
- dependency-name: django
versions:
- 3.1.5
- 3.1.6
- dependency-name: django-markdownify
versions:
- 0.8.2

@dependabot-preview
Copy link
Contributor Author

dependabot-preview bot commented Jun 25, 2021

As a reminder, Dependabot Preview will be shut down on August 3rd, 2021. You can merge this pull request to migrate to GitHub-native Dependabot. You can read the docs to learn more about what's changing, as well as find out how to get support if you need help migrating.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rbialon rbialon rbialon requested changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rbialon