fetch-metadata
Extract information about the dependencies being updated by a Dependabot-generated PR.
In dependabot.yml, package-ecosystem for submodules is `gitsubmodule`. When output by this action, the result is just `submodules`. Since the package ecosystem is documented to be: > The `package-ecosystem` configuration that...
The `external_identifier` field contains the CVE-ID, which should be quite easy to include in this action. Did I miss it or has this not (yet) been implemented? Thanks!
Updating the dist manually is a hassle. It'd be nice if we had some sort of automation to update the pull request dist when there are new changes.
According to https://github.blog/changelog/2022-04-06-dependabot-alert-api-adds-relevant-update-info-to-the-schema, dependabot alerts are now easily connected to the relevant pull requests. I was wondering if you are considering leveraging this new feature to simplify the work that...
Currently the README.md briefly mentions that alert-lookup needs a personal access token, but it doesn't specify what permissions are actually needed. It would be good to enhance that with a...
It would be great to re-use some of this logic in a [probot](https://probot.github.io/) bot. Would it be possible to publish this to npm?
Release notes: https://github.com/dependabot/fetch-metadata/releases/tag/v2.3.0
Currently the workflow makes a GraphQL request that looks something like:

```graphql
repository(owner: "${context.repo.owner}", name: "${context.repo.repo}") {
  vulnerabilityAlerts(first: 100) {
    nodes { ... }
  }
}
```

So only the...
Bumps the dev-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `20.11.20` |...
I think the output directory is set to `/{branch-name}` when `target-branch` is specified in `dependabot.yml`, a single npm dependency is updated, and that dependency is scoped (has two segments). `dependabot.yml`...