feat(ci): Activate dependabot

Open reitzig opened this issue 1 year ago • 2 comments

Getting automated PRs is a huge help in staying on top of dependencies.

Specifically when it comes to (known) vulnerabilities; trivy currently has this to say about popeye (0.21.3):

Notice how all of these have fixes -- dependabot can provide a fix in no time!

Apr 05 '24 18:04 reitzig

@derailed , is this something you're likely to consider?

If you are more interested in Renovate, e.g. for derailed/popeye:Dockerfile, I can contribute a config for that, as well.

Apr 23 '24 17:04 reitzig

@reitzig Thank you Raphael! Yes. We should also scan for docker deps and also set the schedule interval to weekly.

Apr 23 '24 17:04 derailed