Skip to content

chore: add dependabot.yml #3725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore: add dependabot.yml #3725

wants to merge 1 commit into from

Conversation

PavelSBorisov
Copy link
Member

Description:

Adding dependabot.yml

Related issue(s):

Fixes #3640

Notes for reviewer:

Checklist

  • Documented (Code comments, README, etc.)
  • Tested (unit, integration, etc.)

@PavelSBorisov
chore: add dependabot.yml
4f086e4 
Signed-off-by: PavelSBorisov <pavel.s.borisov@gmail.com>
@PavelSBorisov PavelSBorisov added github_action Audit Issues resulting from a code or process audit labels Apr 24, 2025
@PavelSBorisov PavelSBorisov self-assigned this Apr 24, 2025
@PavelSBorisov PavelSBorisov requested a review from a team as a code owner April 24, 2025 13:56
@PavelSBorisov PavelSBorisov linked an issue Apr 24, 2025 that may be closed by this pull request
Configure dependabot.yml #3640
Open
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 24, 2025
edited
Loading

Test Results

 23 files  +  3  300 suites  +49   53m 5s ⏱️ + 12m 14s
630 tests ±  0  621 ✅  -   3  4 💤 ±0  5 ❌ +3 
933 runs  +203  923 ✅ +199  4 💤 ±0  6 ❌ +4 

For more details on these failures, see this check.

Results for commit 4f086e4. ± Comparison against base commit 014f26f.

This pull request removes 1 and adds 1 tests. Note that renamed tests count towards both. 
"before all" hook in "RPC Server Acceptance Tests" ‑ RPC Server Acceptance Tests Acceptance tests @api-batch-1 RPC Server Acceptance Tests RPC Server Acceptance Tests "before all" hook in "RPC Server Acceptance Tests"

"after all" hook in "@web-socket-batch-1 eth_getBlockByHash" ‑ RPC Server Acceptance Tests Acceptance tests @web-socket-batch-1 eth_getBlockByHash "after all" hook in "@web-socket-batch-1 eth_getBlockByHash"

♻️ This comment has been updated with latest results.

quiet-node
quiet-node reviewed Apr 24, 2025
View reviewed changes
.github/dependabot.yml
- "/tools/hardhat-viem-example"
- "/tools/solidity-coverage-example"
- "/tools/subgraph-example"
- "/tools/truffle-example"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since truffle projects are sunset and no longer receive any new updates or security patches, the Relay team has agreed to remove the /tools/truffle-example entirely. Should we remove this?

.github/dependabot.yml
@@ -0,0 +1,42 @@
version: 2
updates:
- package-ecosystem: "npm"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious—how do you resolve security alerts for projects that aren’t NPM-based? The tools/ folder also contains a couple of Go and Rust projects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@quiet-node quiet-node quiet-node left review comments

@leninmehedy leninmehedy Awaiting requested review from leninmehedy leninmehedy is a code owner automatically assigned from hiero-ledger/github-maintainers

At least 2 approving reviews are required to merge this pull request.

Assignees

@PavelSBorisov PavelSBorisov

Labels
Audit Issues resulting from a code or process audit github_action
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Configure dependabot.yml
2 participants
@PavelSBorisov @quiet-node