From 2c53b8a1fb8c4b8366c9bea1fb7c146564ae0df2 Mon Sep 17 00:00:00 2001 From: Mike McDonald Date: Tue, 3 Aug 2021 11:14:07 -0600 Subject: [PATCH 1/3] Updating Dependabot Preview Smigration docs --- ...rading-from-dependabotcom-to-github-native-dependabot.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md index 56ad95cf09..437a7ed7a0 100644 --- a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md +++ b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md @@ -15,9 +15,9 @@ shortTitle: Dependabot.com upgrades --- {% warning %} -Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please migrate to GitHub-native Dependabot before then. +Dependabot Preview has been shut down as of August 3rd, 2021. In order to keep getting Dependabot updates, please migrate to GitHub-native Dependabot. -After that date, any open pull requests from Dependabot Preview will remain open, but the bot itself will no longer work on your {% data variables.product.prodname_dotcom %} accounts and organizations. +Open pull requests from Dependabot Preview will remain open, including the pull request to upgrade to GitHub-native Dependavot, but the bot itself will no longer work on your {% data variables.product.prodname_dotcom %} accounts and organizations. {% endwarning %} @@ -30,7 +30,7 @@ Dependabot Preview has been built directly into {% data variables.product.prodna While most of the Dependabot Preview features exist in {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, a few remain unavailable: - **Live updates:** We hope to bring these back in the future. For now, you can run {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_dependabot %} daily to catch new packages within one day of release. - **PHP environment variable registries:** For projects that rely on the `ACF_PRO_KEY` environment variable, you may be able to vendor your licensed copy of the Advanced Custom Fields plugin. For an example, see [dependabot/acf-php-example](https://github.com/dependabot/acf-php-example#readme). For other environment variables, you can use {% data variables.product.prodname_actions %} to fetch dependencies from these registries. -- **Auto-merge:** We always recommend verifying your dependencies before merging them; therefore, auto-merge will not be supported for the foreseeable future. For those of you who have vetted your dependencies, or are only using internal dependencies, we recommend adding third-party auto-merge apps, or setting up GitHub Actions to merge. +- **Auto-merge:** We always recommend verifying your dependencies before merging them; therefore, auto-merge will not be supported for the foreseeable future. For those of you who have vetted your dependencies, or are only using internal dependencies, we recommend adding third-party auto-merge apps, or setting up GitHub Actions to merge. We have provided the [`dependabot/fetch-metadata`](https://github.com/marketplace/actions/fetch-metadata-from-dependabot-prs) action to [help developers enable GitHub's automerge](https://github.com/dependabot/fetch-metadata/#enabling-auto-merge). In {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, you can configure all version updates using the configuration file. This file is similar to the Dependabot Preview configuration file with a few changes and improvements that will be automatically included in your upgrade pull request. For more information about the upgrade pull request, see "[Upgrading to GitHub-native Dependabot](/code-security/supply-chain-security/upgrading-from-dependabotcom-to-github-native-dependabot#upgrading-to-github-native-dependabot)". From efa186a2e220b4c522cba503c22bbd16e2b27bfe Mon Sep 17 00:00:00 2001 From: Sarita Iyer <66540150+saritai@users.noreply.github.com> Date: Tue, 3 Aug 2021 17:18:43 -0400 Subject: [PATCH 2/3] Update content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md --- .../upgrading-from-dependabotcom-to-github-native-dependabot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md index 437a7ed7a0..03c2ced7ed 100644 --- a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md +++ b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md @@ -30,7 +30,7 @@ Dependabot Preview has been built directly into {% data variables.product.prodna While most of the Dependabot Preview features exist in {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, a few remain unavailable: - **Live updates:** We hope to bring these back in the future. For now, you can run {% data variables.product.prodname_dotcom %} {% data variables.product.prodname_dependabot %} daily to catch new packages within one day of release. - **PHP environment variable registries:** For projects that rely on the `ACF_PRO_KEY` environment variable, you may be able to vendor your licensed copy of the Advanced Custom Fields plugin. For an example, see [dependabot/acf-php-example](https://github.com/dependabot/acf-php-example#readme). For other environment variables, you can use {% data variables.product.prodname_actions %} to fetch dependencies from these registries. -- **Auto-merge:** We always recommend verifying your dependencies before merging them; therefore, auto-merge will not be supported for the foreseeable future. For those of you who have vetted your dependencies, or are only using internal dependencies, we recommend adding third-party auto-merge apps, or setting up GitHub Actions to merge. We have provided the [`dependabot/fetch-metadata`](https://github.com/marketplace/actions/fetch-metadata-from-dependabot-prs) action to [help developers enable GitHub's automerge](https://github.com/dependabot/fetch-metadata/#enabling-auto-merge). +- **Auto-merge:** We always recommend verifying your dependencies before merging them; therefore, auto-merge will not be supported for the foreseeable future. For those of you who have vetted your dependencies, or are only using internal dependencies, we recommend adding third-party auto-merge apps, or setting up GitHub Actions to merge. We have provided the [`dependabot/fetch-metadata`](https://github.com/marketplace/actions/fetch-metadata-from-dependabot-prs) action to help developers [enable GitHub's automerge](https://github.com/dependabot/fetch-metadata/#enabling-auto-merge). In {% data variables.product.prodname_dotcom %}-native {% data variables.product.prodname_dependabot %}, you can configure all version updates using the configuration file. This file is similar to the Dependabot Preview configuration file with a few changes and improvements that will be automatically included in your upgrade pull request. For more information about the upgrade pull request, see "[Upgrading to GitHub-native Dependabot](/code-security/supply-chain-security/upgrading-from-dependabotcom-to-github-native-dependabot#upgrading-to-github-native-dependabot)". From 6bdba1c9e55b3208e579f151478243162e615dfa Mon Sep 17 00:00:00 2001 From: Sarita Iyer <66540150+saritai@users.noreply.github.com> Date: Tue, 3 Aug 2021 17:18:55 -0400 Subject: [PATCH 3/3] Update content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md --- .../upgrading-from-dependabotcom-to-github-native-dependabot.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md index 03c2ced7ed..66c1d411a6 100644 --- a/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md +++ b/content/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/upgrading-from-dependabotcom-to-github-native-dependabot.md @@ -17,7 +17,7 @@ shortTitle: Dependabot.com upgrades Dependabot Preview has been shut down as of August 3rd, 2021. In order to keep getting Dependabot updates, please migrate to GitHub-native Dependabot. -Open pull requests from Dependabot Preview will remain open, including the pull request to upgrade to GitHub-native Dependavot, but the bot itself will no longer work on your {% data variables.product.prodname_dotcom %} accounts and organizations. +Open pull requests from Dependabot Preview will remain open, including the pull request to upgrade to GitHub-native Dependabot, but the bot itself will no longer work on your {% data variables.product.prodname_dotcom %} accounts and organizations. {% endwarning %}