[
https://issues.apache.org/jira/browse/DAFFODIL-2528?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
John Interrante reassigned DAFFODIL-2528:
-----------------------------------------
Assignee: John Interrante
> Enable dependabot for github actions
> ------------------------------------
>
> Key: DAFFODIL-2528
> URL: https://issues.apache.org/jira/browse/DAFFODIL-2528
> Project: Daffodil
> Issue Type: New Feature
> Components: Infrastructure
> Reporter: John Interrante
> Assignee: John Interrante
> Priority: Major
>
> I noticed that Commons IO has merged dependabot PRs to update GitHub Actions,
> which is an useful feature we may want to enable in Daffodil repositories
> too.
> We need to add a new file $REPO/.github/dependabot.yml to enable this
> feature. There is a possibility Dependabot may try to update Scala
> dependencies too but we probably can disable that through configuration if
> that happens (see the second link).
> [Dependabot now updates your Actions workflows | The GitHub
> Blog|https://github.blog/2020-06-25-dependabot-now-updates-your-actions-workflows/]
> [Enabling and disabling version updates - GitHub
> Docs|https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/enabling-and-disabling-version-updates#enabling-github-dependabot-version-updates]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
