go-datastructures icon indicating copy to clipboard operation
go-datastructures copied to clipboard

Published 20 hours ago verified publisher icon Workiva

Add Dependabot to repository for automatic package updates

Open matthewsullivan-wf opened this issue 5 years ago • 2 comments

Dependabot, a solution for automatic package updates, is being enabled on all production repositories to aid in vulnerability management. This is an automated PR which has taken a best-guess approach to detecting your repo lanauge and package manager. Please closely review and create additional commits if you would like (or need) to make modifications. Your prompt attention is appreciated! If you have questions, please comment directly on this PR. For more information about available configuration options, please see the available Dependabot options at https://dependabot.com/docs/config-file/

matthewsullivan-wf avatar Feb 28 '20 00:02 matthewsullivan-wf

Security Insights

No security relevant content was detected by automated scans.

Action Items

  • Review PR for security impact; comment "security review required" if needed or unsure
  • Verify aviary.yaml coverage of security relevant code

Questions or Comments? Reach out on Slack: #support-infosec.

aviary-wf avatar Feb 28 '20 00:02 aviary-wf

I don't think dependabot support glide so we should update to go mod

brianshannan-wf avatar Feb 28 '20 00:02 brianshannan-wf