dependabot-terraform-action
dependabot-terraform-action copied to clipboard
patrickjahns
🔧 Github action for running dependabot on terraform repositories with HCL 2.0
Now that https://github.com/dependabot/dependabot-core/issues/1176 is resolved, does it make sense to deprecate this action / archive this repo? I don't know, perhaps it adds some functionality beyond what Dependabot provides that...
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.9 to 1.13.4. Release notes Sourced from nokogiri's releases. 1.13.4 / 2022-04-11 Security Address CVE-2022-24836, a regular expression denial-of-service vulnerability. See GHSA-crjr-9rc5-ghw8 for more information. [CRuby] Vendored...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.10.9 to 1.12.0. **This update includes security fixes.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. XXE in Nokogiri Severity Nokogiri maintainers have evaluated this as...
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot] avatar"){kind=avatar}
Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0. **This update includes a security fix.** Vulnerabilities fixed Sourced from The GitHub Security Advisory Database. Regular Expression Denial of Service in Addressable templates Impact...
_Dependabot Preview will be shut down on August 3rd, 2021. In order to keep getting Dependabot updates, please merge this PR and migrate to GitHub-native Dependabot before then._ Dependabot has...
I don't really get, why the providers aren't updated in my modules. This is basically how my action is looking: ```yaml name: Update terraform dependencies on: workflow_dispatch: jobs: dependabot-terraform: runs-on:...
big thanks for putting this together, I'm a ruby and actions noob so would have been v difficult to get started without this good work. As per the tests, I'm...
Currently this action fails when it encounters versions like this `version = "~> 13, 13,
Thanks for making an HCL 2.0 compatible dependabot available! ❤️ Is submodule syntax known to be supported? I'm using a block such as ```hcl module "sg_http_inbound" { source = "terraform-aws-modules/security-group/aws//modules/http-80"...
My private modules in Terraform cloud aren't showing up (Terraform Cloud has a connection to GitHub, which is where these are stored) I've set the `github_dependency_token` to a token which...
Metadata
Owner
Metadata
🔧 Github action for running dependabot on terraform repositories with HCL 2.0