Michael Waddell

We really need the ability to show a dependabot badge in the README of our private repos because there is otherwise no way to know if Dependabot has been failing...

Maybe this could be finally addressed using a custom workflow (see task #4680)?

Have you tried having a github action which runs when a dependabot-created PR is closed and issues a POST request to `/{owner}/{repo}/network/updates?update_config_id={update_config_id}` to force a new dependabot run?

> @mwaddell would need to do web-scraping to get the cookies (as the url is not an API-URL), right? Yes, you're correct, so it's only useful for doing a manual...

Solving this is a more general way is a bit beyond dependabot's scope. However, you should be able to solve this with a [custom github workflow](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#common-dependabot-automations). You would create an...

Solving this is a more general way is a bit beyond dependabot's scope. However, you should be able to solve this with a [custom github workflow](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#common-dependabot-automations). You would create an...

This makes `gh pr status` useless in github-actions - see https://github.com/pangaeatech/azure-test-deployment/pull/8#issuecomment-1065807897 Is there a way to specify the PR URL when calling this?

Is there a way to explicitly set the upstream config from github actions as a workaround for this?

Is there any ETA on this? The version of d3-color which react-d3-speedometer relies on has a ReDoS vulnerability - https://github.com/advisories/GHSA-36jr-mh4h-2g58

Gotcha - I'll try switching to the 2.x branch with React 18. Thanks!