Releases: javiertuya/dependabot-script

v1.2.2

12 Mar 15:44

Update dependabot-core to v0.215.0 (merged with upstream at 2013-01-11)

v1.2.1

29 Jan 17:08
  • Schedules a reminder to open security update issues if they have not been updated for two weeks
  • Schedules a reminder to open merge requests if they have not been updated for two weeks (including non-dependabot)

v1.2.0

20 Mar 16:53
  • Breaking change: Use IGNORE to ignore specific versions instead of IGNORE_VERSION
  • More compact logs on dependency checks
  • Approximate match for ignored dependency names
  • Add prefix to vulnerable dependencies commits
  • Submit an issue for vulnerable dependencies that cannot be updated
  • Refactor to keep a cleaner main script

v1.1.0

03 Mar 19:46
  • Dry run mode (DRY_RUN)
  • Add more log info
  • Exclusion of specified dependencies (IGNORE)
  • Exclusion of specified ranges of versions (IGNORE_VERSIONS)
  • Customizations for docker environment
  • Add label SECURITY-UPDATE to PRs for vulnerable dependencies