Secure your supply chain, understand dependencies in your environment, know about vulnerabilities in those dependencies and patch them.
Nice work enabling, viewing, and creating Dependabot alerts ✨
Enabling Dependabot alerts on our repository was a great step toward improving our code security, but we still had to manually select an alert and then manually select the option to create the pull request. It would be nice to further improve the automation and maintenance of our dependencies! Well, with Dependabot security updates, we can do just that.
What are Dependabot security updates? When this feature is enabled, Dependabot detects vulnerable dependencies and fixes them for you by automatically opening pull requests that resolve the corresponding Dependabot alerts.
We manually created a pull request to fix the "Prototype Pollution in minimist" alert, but let's enable Dependabot security updates to automate this process for future alerts!
- Navigate to the Settings tab and select Code security and analysis.
- Enable Dependabot security updates. You may need to wait 30-60 seconds before you see any new pull requests.
- Navigate to the Pull requests repository tab and select the newly created pull request that updates axios from version 0.21.1 to a patched version.
- Review and merge the pull request.
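Step 4 says to review the pull request before merging it. The script below is an added example, not part of the GitHub Skills course or its repository: it shows the kind of check a reviewer can run on a Dependabot security-update pull request. It assumes an npm project whose dependencies are declared in package.json (the course repository's files are not shown on this page). The two manifests, the dependency named in the alert and the patched version it compares against are constructed sample data; take the real patched version from the alert itself.

```python
"""Sanity-check a Dependabot security-update pull request before merging.

Added example, not the course's own code. Compares the package.json from the
base branch with the one from the pull-request branch and verifies that:
  * the dependency named in the alert actually changed,
  * nothing else changed (a security update should be a single, focused bump),
  * the new version is at least the patched version from the alert.
All manifests and version numbers below are constructed sample values.
"""
import re

# Constructed sample: base branch, with the version named in the alert.
BASE_MANIFEST = {
    "name": "sample-app",
    "dependencies": {"axios": "0.21.1", "minimist": "1.2.6"},
}

# Constructed sample: what a focused Dependabot security update would look like.
PR_MANIFEST = {
    "name": "sample-app",
    "dependencies": {"axios": "0.21.2", "minimist": "1.2.6"},
}

# Constructed sample: a PR that also touches an unrelated dependency.
PR_WITH_EXTRA_CHANGES = {
    "name": "sample-app",
    "dependencies": {"axios": "0.21.2", "minimist": "1.2.8"},
}

# Constructed sample target; the real value comes from the Dependabot alert.
PATCHED_VERSION = "0.21.2"


def parse_semver(spec):
    """Strip range prefixes such as ^ or ~ and return (major, minor, patch)."""
    m = re.match(r"^[\^~>=<\s]*v?(\d+)\.(\d+)\.(\d+)", spec)
    if not m:
        raise ValueError(f"unsupported version spec: {spec!r}")
    return tuple(int(p) for p in m.groups())


def collect_deps(manifest):
    """Flatten every dependency section of a package.json into one mapping."""
    deps = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        deps.update(manifest.get(section, {}))
    return deps


def review_security_update(base_manifest, pr_manifest, package, fixed_version):
    """Return (ok, findings) for the change between two package.json documents."""
    before = collect_deps(base_manifest)
    after = collect_deps(pr_manifest)
    findings = []

    # Every dependency whose declared version differs between the two branches.
    changed = {
        name for name in set(before) | set(after)
        if before.get(name) != after.get(name)
    }

    if package not in changed:
        findings.append(f"{package} was not changed by this PR")

    unexpected = sorted(changed - {package})
    if unexpected:
        findings.append(f"unexpected dependency changes: {', '.join(unexpected)}")

    if package in after:
        if parse_semver(after[package]) < parse_semver(fixed_version):
            findings.append(
                f"{package} is at {after[package]}, below patched {fixed_version}"
            )
    elif package in before:
        findings.append(f"{package} was removed rather than upgraded")

    return (not findings, findings)


if __name__ == "__main__":
    for label, pr in (("focused update", PR_MANIFEST),
                      ("update with extra changes", PR_WITH_EXTRA_CHANGES)):
        ok, findings = review_security_update(BASE_MANIFEST, pr, "axios", PATCHED_VERSION)
        print(f"{label}: {'OK to merge' if ok else 'needs attention'}")
        for finding in findings:
            print(f"  - {finding}")
```

The same comparison is worth running on the lockfile (package-lock.json), since that is where the resolved version that actually gets installed lives; the manifest check above only covers the declared range.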
Wait about 20 seconds then refresh this page (the one you're following instructions from). GitHub Actions will automatically update this page to display the next step.
© 2024 GitHub • Code of Conduct • MIT License