jprdonnelly/docs
1
0
Fork 0
mirror of synced 2025-12-19 18:10:59 -05:00
Code Issues Projects Releases Wiki Activity

Add Dependabot ecosystem support for bun - [GA] #16918 (#54219)

Browse Source
This commit is contained in:
Anne-Marie
2025-02-13 16:20:12 +00:00
committed by GitHub
parent 6be18c4287
commit e3cfa18a74
4 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
content/code-security/dependabot/working-with-dependabot/dependabot-options-reference.md
View File

@@ -372,6 +372,9 @@ When `open-pull-requests-limit` is defined:
Package manager | YAML value | Supported versions | Package manager | YAML value | Supported versions |
---------------|------------------|:------------------:| ---------------|------------------|:------------------:|
| {% ifversion dependabot-bun-support %} |
| Bun | `bun` | >=v1.1.39 |
| {% endif %} |
| Bundler | `bundler` | {% ifversion ghes < 3.15 %}v1, {% endif %}v2 | | Bundler | `bundler` | {% ifversion ghes < 3.15 %}v1, {% endif %}v2 |
| Cargo | `cargo` | v1 | | Cargo | `cargo` | v1 |
| Composer | `composer` | {% ifversion dependabot-updates-composerv1-closing-down %}v2{% else %}v1, v2{% endif %} | | Composer | `composer` | {% ifversion dependabot-updates-composerv1-closing-down %}v2{% else %}v1, v2{% endif %} |

10
content/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot.md
View File

@@ -28,6 +28,8 @@ This article contains recommendations and advice to help you configure {% data v
You'll find detailed guidance for the setup of the following package managers: You'll find detailed guidance for the setup of the following package managers:
{% ifversion dependabot-bun-support %}
* [Bun](#bun){% endif %}
* [Bundler](#bundler){% ifversion dependabot-updates-cargo-private-registry-support %} * [Bundler](#bundler){% ifversion dependabot-updates-cargo-private-registry-support %}
* [Cargo](#cargo){% endif %} * [Cargo](#cargo){% endif %}
* [Docker](#docker) * [Docker](#docker)
@@ -52,6 +54,14 @@ You'll also find recommendations for the setup of the following registry hosts:
## Configuring package managers ## Configuring package managers
{% ifversion dependabot-bun-support %}
### Bun
Bun adheres to the same configuration guidelines as npm. Note that the `.npmrc` file is not required, but can be provided in order to customize the configuration. For detailed steps, see [npm](#npm).
{% endif %}
### Bundler ### Bundler
Supported by Artifactory, Artifacts, Cloudsmith, {% data variables.product.prodname_registry %} registry, Nexus, and ProGet. Supported by Artifactory, Artifacts, Cloudsmith, {% data variables.product.prodname_registry %} registry, Nexus, and ProGet.

6
data/features/dependabot-bun-support.yml Normal file
View File

@@ -0,0 +1,6 @@
# Reference: #16918
# Bun support for Dependabot
versions:
fpt: '*'
ghec: '*'
ghes: '> 3.16'

11
data/reusables/dependabot/supported-package-managers.md
View File

@@ -1,5 +1,8 @@
Package manager | YAML value | Supported versions | Version updates | Security updates | Private repositories | Private registries | Vendoring | Package manager | YAML value | Supported versions | Version updates | Security updates | Private repositories | Private registries | Vendoring |
---------------|------------------|------------------|:---:|:---:|:---:|:---:|:---:| ---------------|------------------|------------------|:---:|:---:|:---:|:---:|:---:|
| {% ifversion dependabot-bun-support %} |
[Bun](#bun) | `bun` | >=v1.1.39 | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
| {% endif %} |
Bundler | `bundler` | {% ifversion ghes < 3.15 %}v1, {% endif %}v2 | {% octicon "check" aria-label="Supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | Bundler | `bundler` | {% ifversion ghes < 3.15 %}v1, {% endif %}v2 | {% octicon "check" aria-label="Supported" %}| {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} |
[Cargo](#cargo) | `cargo` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} | [Cargo](#cargo) | `cargo` | v1 | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %}{% ifversion dependabot-updates-cargo-private-registry-support %}{% else %} (Git only){% endif %} | {% octicon "x" aria-label="Not supported" %} |
Composer | `composer` | {% ifversion dependabot-updates-composerv1-closing-down %}v2{% else %}v1, v2{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} | Composer | `composer` | {% ifversion dependabot-updates-composerv1-closing-down %}v2{% else %}v1, v2{% endif %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "check" aria-label="Supported" %} | {% octicon "x" aria-label="Not supported" %} |
@@ -38,6 +41,14 @@ poetry | `pip` | v1 | {% octicon "check" aria-l
For further information about ecosystem support for {% data variables.product.prodname_dependabot_security_updates %}, see also [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems). For further information about ecosystem support for {% data variables.product.prodname_dependabot_security_updates %}, see also [AUTOTITLE](/code-security/supply-chain-security/understanding-your-software-supply-chain/dependency-graph-supported-package-ecosystems).
{% ifversion dependabot-bun-support %}
#### Bun
{% data variables.product.prodname_dependabot %} supports the current default text-based `bun.lock` file, but not the legacy binary `bun.lockb` file. The `bun.lock` file is supported in version 1.1.39 and above. For more information, see [Lockfile](https://bun.sh/docs/install/lockfile) in the Bun documentation.
{% endif %}
#### Cargo #### Cargo
{% ifversion dependabot-updates-cargo-private-registry-support %}Private registry support includes cargo registries, so you can use {% data variables.product.prodname_dependabot %} to keep your Rust dependencies up-to-date. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#cargo).{% else %}Private registry support applies to Git registries, and doesn't include cargo registries.{% endif %} {% ifversion dependabot-updates-cargo-private-registry-support %}Private registry support includes cargo registries, so you can use {% data variables.product.prodname_dependabot %} to keep your Rust dependencies up-to-date. For more information, see [AUTOTITLE](/code-security/dependabot/working-with-dependabot/guidance-for-the-configuration-of-private-registries-for-dependabot#cargo).{% else %}Private registry support applies to Git registries, and doesn't include cargo registries.{% endif %}