Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create Dependabot Config #24

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Create Dependabot Config #24

wants to merge 5 commits into from

Conversation

georgetayqy
Copy link
Contributor

To ensure better security of the application, let's move to implement automated Dependabot checks of dependencies and create PRs that aim to resolve security issues.

dependabot bot and others added 5 commits July 12, 2024 17:18
@dependabot
Update pillow requirement (#6)
ac6d87b 
Updates the requirements on [pillow](https://github.com/python-pillow/Pillow) to permit the latest version.

Updates `pillow` to 10.4.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@8.2.0...10.4.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Update cryptography requirement (#5)
5b67f5b 
Updates the requirements on [cryptography](https://github.com/pyca/cryptography) to permit the latest version.

Updates `cryptography` to 42.0.8
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@3.4.7...42.0.8)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @georgetayqy
Update requests requirement (#4)
f6465ec 
Updates the requirements on [requests](https://github.com/psf/requests) to permit the latest version.

Updates `requests` to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.25.1...v2.32.3)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: George Tay <georgetay71@gmail.com>
@dependabot
Bump the pip group across 2 directories with 2 updates (#7)
bb2314d 
Updates the requirements on [requests](https://github.com/psf/requests) and [certifi](https://github.com/certifi/python-certifi) to permit the latest version.

Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

Updates `certifi` from 2024.2.2 to 2024.7.4
- [Commits](certifi/python-certifi@2024.02.02...2024.07.04)

Updates `requests` to 2.32.3
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

---
updated-dependencies:
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@georgetayqy
Create Dependabot configuration
ce74660
@georgetayqy
Copy link
Contributor Author

georgetayqy commented Jul 13, 2024
edited
Loading

This PR also upgrades the dependencies of the older application, keeping it secure from security vulnerabilities.

@georgetayqy
Copy link
Contributor Author

This PR should be merged before #26.

@georgetayqy
Copy link
Contributor Author

DO NOT MERGE

This feature is currently KIV.

@georgetayqy georgetayqy deleted the create-dependabot-config branch July 25, 2024 07:26
@georgetayqy georgetayqy restored the create-dependabot-config branch July 28, 2024 13:40
@georgetayqy georgetayqy reopened this Jul 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@georgetayqy