cli
cli copied to clipboard
dependabot
A tool for testing and debugging Dependabot update jobs.
Bumps the all group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `github/codeql-action` from 3.30.1 to 3.30.6 Release notes Sourced from github/codeql-action's releases. v3.30.6 CodeQL Action Changelog...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
GitHub Actions workflows without explicit permissions default to elevated access. This PR explicitly sets minimal required permissions on all workflows following the principle of least privilege. ### Changes - **ci.yml**...
See https://github.com/dependabot/dependabot-core/pull/13275
I recently needed to run the CLI inside containers (due to our CI platform). Not sure if there's an existing solution to run the CLI inside Docker because the CLI...
So the cli won't start if the token is not read-only, but when you give it a read-only token it then dies with this message: ``` updater | remote: Write...
After a long debugging process, I've isolated the issue to a FileNotFoundException that occurs inside the dependabot-updater-nuget container. It seems the container image is missing the Microsoft.Build assembly required to...
## Summary We use `dependabot/cli` to scan feature branches in CI. The CLI currently outputs only what it can update (typically direct deps or cases fixable via lockfile), which means...
Would it be possible to provide the default label information in the results, somehow? Todays output does not have this information, and this would be nice to have, especially when...
I was exploring the possibility of using `dependabot/cli` as a library within my own project, but ran into a roadblock: all the relevant packages are marked as `internal`, which prevents...
Hi, I've put this as a `dependabot.yml`: ``` version: 2 registries: bcp: type: python-index url: https://pkgs.dev.azure.com/.../pypi/simple/ token: updates: - package-ecosystem: pip directory: "/" registries: - bcp ``` While doing this:...
Metadata
Owner
Metadata
A tool for testing and debugging Dependabot update jobs.