Skip to content

Create Dependabot Config #24

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
georgetayqy wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Create Dependabot Config #24

georgetayqy wants to merge 5 commits into from

Conversation

@georgetayqy
Copy link
Contributor

@georgetayqy georgetayqy commented Jul 12, 2024

To ensure better security of the application, let's move to implement automated Dependabot checks of dependencies and create PRs that aim to resolve security issues.

dependabot bot and others added 5 commits July 12, 2024 17:18
@dependabot
Update pillow requirement (#6)
ac6d87b 
Updates the requirements on [pillow](https://github.com/python-pillow/Pillow) to permit the latest version.

Updates `pillow` to 10.4.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@8.2.0...10.4.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Update cryptography requirement (#5)
5b67f5b 
Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.

Updates `cryptography` to 42.0.8
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@3.4.7...42.0.8)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @georgetayqy
Update requests requirement (#4)
f6465ec 
Updates the requirements on [requests](https://github.com/psf/requests) to permit the latest version.

Updates `requests` to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.25.1...v2.32.3)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Tay <[email protected]>
@dependabot
Bump the pip group across 2 directories with 2 updates (#7)
bb2314d 
Updates the requirements on [requests](https://github.com/psf/requests) and [certifi](https://github.com/certifi/python-certifi) to permit the latest version.

Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

Updates `certifi` from 2024.2.2 to 2024.7.4
- [Commits](certifi/python-certifi@2024.02.02...2024.07.04)

Updates `requests` to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@georgetayqy
Create Dependabot configuration
ce74660
@georgetayqy
Copy link
Contributor Author

georgetayqy commented Jul 13, 2024
edited
Loading

This PR also upgrades the dependencies of the older application, keeping it secure from security vulnerabilities.

@georgetayqy
Copy link
Contributor Author

georgetayqy commented Jul 16, 2024

This PR should be merged before #26.

@georgetayqy
Copy link
Contributor Author

georgetayqy commented Jul 18, 2024

DO NOT MERGE

This feature is currently KIV.

@georgetayqy georgetayqy deleted the create-dependabot-config branch July 25, 2024 07:26
@georgetayqy georgetayqy restored the create-dependabot-config branch July 28, 2024 13:40
@georgetayqy georgetayqy reopened this Jul 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@georgetayqy