mirror of synced 2025-12-23 21:07:12 -05:00
Commit Graph

209 Commits

Author SHA1 Message Date
Rotzbua
6769bce8d4 Fix dependabot examples
* Fix deprecation warning message
* GH Action should use just main version
2023-01-30 00:03:51 +01:00
Kevin Heis
74e64648e6 Reformat towards deprecation 3.3 (#34181) 2023-01-26 16:13:09 +00:00
mc
96442f076c Security tab - use correct formatting (bold) (#34174) 2023-01-25 18:46:34 +00:00
Anne-Marie
79ff2bc7f6 Improvements to Dependabot alerts #8291 (#33984)
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-01-20 12:16:06 +00:00
André Schröder
47617bea3b Update content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-01-17 23:31:00 +01:00
André Schröder
4b1ab1e649 such as -> that is 2023-01-17 23:27:03 +01:00
André Schröder
a94bd3f84d Merge branch 'main' into feat/document-dependabot-prefix 2023-01-17 23:24:33 +01:00
Sean Killeen
498107c24e Fix "low hanging fruit" spelling errors (#23216) 2023-01-17 19:30:29 +00:00
mc
c664161729 Update content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md 2023-01-16 14:23:54 +00:00
mc
61446f056e [Ready for merging - 2023-01-12] - Pausing / unpausing Dependabot updates and related notifications (#33379)
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: Erin Havens <erinhav@github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
2023-01-12 17:40:37 +00:00
David McIntosh
c87259c404 Dependabot supports gomod indirect dependency filtering (#33884)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-01-12 10:27:15 +00:00
André Schröder
f8cd135f20 make it more clear that a scope follows after "Composer" 2023-01-10 23:35:26 +01:00
André Schröder
64cbb8711d fix concern: add suggested sentence 2023-01-10 23:35:22 +01:00
Joe Clark
471701851f Add documentation for GitHub Actions configuration variables (#33119)
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Tauhid Anjum <tauhidanjum@gmail.com>
Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>
2023-01-10 05:17:34 +00:00
mc
2b9b5cf174 Merge branch 'main' into feat/document-dependabot-prefix 2023-01-09 14:33:14 +00:00
mc
dc541ae874 Update content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md 2023-01-09 14:17:48 +00:00
Anne-Marie
ce4065413a [Improvement]: make pricing model clearer for Dependabot #6770 (#33305)
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2023-01-03 06:30:02 +00:00
André Schröder
e1cef5e7d5 Document behavior of prefix in dependabot.yml
It would have been helpful to me if the documentation was more
straight-forward about that a `:` is appended to the commit title by
default and how to disable that the `:` is appended.

For reference, here is the implementation:
06702c83e5/common/lib/dependabot/pull_request_creator/pr_name_prefixer.rb (L75-L83)
2022-12-28 13:53:41 +01:00
Lucas Costi
30adcf1210 Add raw tags to Dependabot Actions code (#33534) 2022-12-14 02:01:43 +00:00
mc
502af8f776 Dependabot does not access public registries when the user has configured private registries - fix broken link (#33515) 2022-12-13 19:55:02 +00:00
Sophie
48524a0a7d [2022-12-13]: Dependabot does not access public registries when the user has configured private registries - [GA] (#33310)
Co-authored-by: Jake Coffman <jakecoffman@github.com>
Co-authored-by: Anne-Marie <102995847+am-stead@users.noreply.github.com>
Co-authored-by: Nish Sinha <nishnha@github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Ankit Honey <honeyankit@github.com>
2022-12-13 19:22:06 +00:00
Anne-Marie
6c3854a5f7 [2022-11-29]: Dependabot Alerts: Audit Log Improvements - [GA] #8657 (#32989)
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Vanessa <vgrl@github.com>
2022-11-29 21:31:28 +00:00
mc
06667bb26e Describe how Dependabot chooses to rebase pull requests (#32993) 2022-11-29 17:19:08 +00:00
Jules
4e0d5f63b1 Adds dependabot actions support (#32815) 2022-11-23 20:20:39 +00:00
Anne-Marie
f7d1ef5023 [2022-11-23]: Dependabot support for private Hex repositories - [GA] #8667 (#32661)
Co-authored-by: Landon Grindheim <landon.grindheim@gmail.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-11-23 20:08:16 +00:00
Zach Willard
34bc43e26b Update configuring-dependabot-security-updates.md
This makes the documentation consistent with the example and the other page here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit

It could catch someone off-guard if they use the config option in the paragraph instead of the example.
2022-11-21 09:41:31 -06:00
Mattt
600d45f482 Update to new limit for Dependabot commit message prefix (#32363)
Co-authored-by: Felicity Chapman <felicitymay@github.com>
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-11-18 17:12:47 +00:00
Markus Schulte
3203ecbc31 Warn to wait for checks if using Dependabot auto-merge (#21607) 2022-11-15 12:29:49 +00:00
Jules
fff651b887 Dependabot version updates for forks (#32271)
Co-authored-by: github-actions <github-actions@github.com>
2022-11-07 17:50:37 +00:00
Sophie
afa177191a [2022-10-07]: Dependabot alerts to deprecate repository banners (i.e. "UI" notifications)- [GA] (#32274)
Co-authored-by: github-actions <github-actions@github.com>
2022-11-04 23:00:02 +00:00
Sophie
b07d1c370c [Improvement]: Refactor the articles about security advisories (#31807)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: github-actions <github-actions@github.com>
2022-10-27 14:40:52 +00:00
Courtney Wilson
9ab6911944 Merge branch 'main' into use-consistant-wording-for-github-dot-com 2022-10-26 08:38:01 -05:00
Rachael Sewell
3e998f61d5 use azure blob storage for archived enterprise versions (#31883)
Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: mchammer01 <42146119+mchammer01@users.noreply.github.com>
2022-10-25 12:03:38 -07:00
mc
edcf908930 Update content/code-security/dependabot/dependabot-alerts/editing-security-advisories-in-the-github-advisory-database.md 2022-10-25 11:23:55 +01:00
mc
091519ec5d Merge branch 'main' into use-consistant-wording-for-github-dot-com 2022-10-25 08:45:35 +01:00
Anne-Marie
c0859e564a [2022-10-24]: Dependabot Updates supporting the increase-if-necessary versioning strategy for Python - [GA] #8372 (#31944) 2022-10-24 18:33:39 +00:00
indigolain
273c130d39 Use consistent wording for GitHub.com 2022-10-23 15:19:19 +09:00
Anne-Marie
0e03452f9c [2022-10-20]: Dependabot updates for Yarn v3 - [GA] (#31471)
Co-authored-by: Jurre <jurre@github.com>
2022-10-20 16:24:05 +00:00
Joe Clark
74a679dc51 Make product variables for Enterprise translation-friendly (#31628)
Co-authored-by: Laura Coursen <lecoursen@github.com>
Co-authored-by: Evan Bonsignori <ebonsignori@github.com>
2022-10-17 18:54:05 +00:00
mc
7542f27c8f Add "Best practice" article for writing security advisories (#31414)
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2022-10-14 08:25:36 +00:00
mc
1db87819ee GitHub Advisory Database - add pub to list of supported ecosystems (#31560) 2022-10-10 14:38:12 +00:00
mc
90bac38ab1 Update content/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file.md 2022-10-10 08:53:30 +01:00
Jeff Widman
97e82c0ca8 Cleanup docker registry docs
Dependabot now supports:
1. Public AWS ECR: https://github.com/dependabot/dependabot-core/issues/4212
2. Microsoft Azure Container Registry: https://github.com/dependabot/dependabot-core/issues/3689
3. Any registry that uses HTTP Basic Auth instead of the OCI-spec-compliant central token service: https://github.com/dependabot/dependabot-core/issues/3689#issuecomment-1272037775

So now that we support all the major docker/container registry providers, there's no need to individually list them... this way we don't have folks wondering "my registry wasn't explicitly listed, is it supported?"

So switch to mention the two authentication schemes that we support and leave it at that.

Note: I left the `ecr-docker` example, as that is a one-off workaround we added to our internal code a long time ago because ECR isn't OCI compliant. So still needs the custom key to indicate the workaround should be used. Long term I hope ECR migrates to a more standard auth flow and we can eliminate that custom workaround, but they're not there yet.
2022-10-07 14:02:45 -07:00
Victor Lin
d740a8257e Fix incorrect comment on GitHub Actions example 2022-10-06 13:28:39 -07:00
Hervé
dc2f715bc1 Fix wording 2022-10-05 09:44:41 +02:00
Christopher Kintner
82ed39fa01 note that dependabot.yml cannot be used to configure dependabot alerts (#31397)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-10-04 16:14:31 +00:00
Anne-Marie
37e362868b Edits to Notification Settings page following redesign (#30999)
Co-authored-by: github-actions <github-actions@github.com>
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
2022-10-04 12:01:17 +00:00
mc
253e2a4666 Merge branch 'main' into mchammer01/dependabot-yml-weekly 2022-09-30 15:28:43 +01:00
mc
c4f1f8659f Update content/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot.md
Co-authored-by: Sophie <29382425+sophietheking@users.noreply.github.com>
2022-09-30 15:25:02 +01:00
PSJ
8783f5960a Update steps to create repo secrets (#18175)
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
Co-authored-by: Lucas Costi <lucascosti@users.noreply.github.com>
2022-09-30 03:51:47 +00:00