Setup Dependabot

Question

Setup Dependabot

jongwooo opened this issue 10 months ago · 5 comments

Description:

If we add dependabot to the list of bots we can continuously check our dependencies.

Why:

Updating manually, like in #426, #641, requires checking for dependency updates every time. Automating this with dependabot will save us a lot of work.

Answer 1 · 2023-10-20T04:40:44.000Z

We are currently using dependabot in yorkie-js-sdk.
It will be good to introduce dependabot in yorkie too.

Thanks!

Answer 2 · 2023-10-20T04:43:32.000Z

I thought we already used the bot in this repository. How can we add the bot to the list of bots?
https://github.com/yorkie-team/yorkie/commits?author=dependabot%5Bbot%5D

Answer 3 · 2023-10-20T04:52:33.000Z

Oh, we had dependabot in this repo. But it seems like this bot is barely updating dependencies.

Answer 4 · 2023-10-20T05:41:55.000Z

Oh, we had dependabot in this repo. But it seems like this bot is barely updating dependencies.

GitHub may create automated security fix PRs to repositories affected by vulnerabilities disclosed by recently published GitHub security advisories. However, for normal version updates, we need to configure dependabot.yml in the project.

Answer 5 · 2023-11-07T07:22:40.000Z

@jongwooo Thanks for your explanation. Feel free to send a PR about this.