Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CI:DOCS] Disable dependabot #1837

Merged
merged 1 commit into from
Feb 8, 2023
Merged

Conversation

cevich
Copy link
Member

@cevich cevich commented Feb 8, 2023

Fixes: #1836

Ref: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates

Disabling it via the WebUI isn't good enough, the configuration file must also be absent.

Signed-off-by: Chris Evich cevich@redhat.com

Ref: https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates

Disabling it via the WebUI isn't good enough, the configuration file
must also be absent.

Signed-off-by: Chris Evich <cevich@redhat.com>
@mtrmac
Copy link
Collaborator

mtrmac commented Feb 8, 2023

Thanks!

(Looking at https://github.com/containers/image/settings/security_analysis , we are not using security alerts either, any more.)

@mtrmac mtrmac merged commit eda3b7e into containers:main Feb 8, 2023
@jycamier
Copy link

jycamier commented Mar 9, 2023

@cevich i'm curious. Why you disable dependabot ?

@cevich
Copy link
Member Author

cevich commented Mar 9, 2023

@jycamier it's been replaced by Renovate.

@jycamier
Copy link

jycamier commented Mar 9, 2023

@cevich I know but why ?

@cevich
Copy link
Member Author

cevich commented Mar 9, 2023

Renovate has more useful features and options to control it's behavior based on a centralized/standard set of defaults that we author. Plus a regular-expression manager that can be used to manage things like CI-related updates.

@jycamier
Copy link

Alright ! Thank you ! 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Disable Dependabot filing version updates
3 participants