Stack Overflow
Stack Overflow

Questions tagged [dependabot-script]

11 questions
6
votes
1 answer

How to pass Dependabot OPTIONS properties to dependabot-script in Azure DevOps Pipeline

After following guides like this one I am able to successfully run dependabot against my Azure DevOps repo and it auto creates PRs. The issue is I have some customizations I need to make such as ignoring specific packages as the dependabot…
PressTheAnyKey
  • 133
  • 1
  • 7
6
votes
0 answers

configure NPM version for dependabot

I'm using dependabot to update my NPM dependencies with the following dependabot.yml version: 2 updates: - package-ecosystem: npm directory: "/" schedule: interval: monthly rebase-strategy: auto But dependabot is using a different version…
Antonio Dragos
  • 1,973
  • 2
  • 29
  • 52
3
votes
0 answers

Dependabot not updating the gradle dependencies

I have an Android module called "dependencies" in my app. That's how the Gradle file looks like. dependencies { implementation 'androidx.core:core-ktx:1.7.0' implementation 'androidx.appcompat:appcompat:1.4.1' implementation…
MXC
  • 458
  • 1
  • 5
  • 21
3
votes
0 answers

How can Dependabot automatically merge its pull requests based on Azure pipelines build status?

If Dependabot is enabled to automatically bump dependencies and create pull requests to 'master', how these pull requests can be automated so they are automatically approved and merged if Dependabot's branch passes Azure Devops build pipeline?
Rikai no hōhō
  • 737
  • 1
  • 7
  • 13
2
votes
1 answer

How can I automate the generation of dependabot configuration files for many repositories

I need to configure dependabot for a large number of repos (manually configuring will take days ). Some repos are "single language" such as typescript using a single package.json package-ecosystem: npm while other repositories are styled as "mono…
Avba
  • 14,822
  • 20
  • 92
  • 192
2
votes
0 answers

Autoupdate package.json version with Dependabot

So when Dependabot runs and create a PR with a library update it's updates the library version in the package.json and package-lock.json, but is there any config that I could be missing, that in every PR of the dependabot update the package.json…
Diego
  • 493
  • 1
  • 9
  • 26
0
votes
0 answers

Dependabot ignore and PR creation issue

I was working on integrating dependabot with my repo and all of a sudden , it stops creating a PR updater | 2023/07/31 14:19:11 INFO Finished job processing updater | 2023/07/31 14:19:11 INFO Results: updater |…
Arun Krish
  • 21
  • 1
0
votes
0 answers

What is the maximum time in Dependabot update and how to extend it?

Is there a way to modify the timeout? I do not want to compromise on the coverage of the version update check. For version update configuration, GitHub official documentation states the ways to cater for the timeout but these means are controlling…
BayOtter
  • 209
  • 2
  • 9
0
votes
1 answer

Which public key to use for encrypting dependabot secrets?

I'm following this guide to update Github's dependabot secrets using their newly released API. There's a part that says I need to encrypt my secret value using a public key ... const key = "base64-encoded-public-key"; const value =…
niebula
  • 351
  • 1
  • 6
  • 13
0
votes
2 answers

Dependabot error with Bitbucket server Clients::Bitbucket::NotFound

I have tried dependabot-script with Azure devops and had no big hurdles (I noticed Dependabot throws error repo not found when the I used user access token rather than system access token in ADO), but now trying with enterprise Bitbucket server I…
user3393658
  • 23
  • 1
  • 1
  • 5
0
votes
1 answer

is it possible to tell dependabot to not connect to central maven at all

In enterprise environment, the connection to central maven could be blocked. In this case, i) either don't connect to central maven at all ii) or if the connection to central maven is not successful, don't raise exception, just move on to other…
Ilam
  • 308
  • 3
  • 10