Kirby repository - add GitHub Dependabot for security updates of dependencies?

warg · June 28, 2020, 11:41am

Hello,

I think this is something for you @lukasbestle @bastianallgeier. Some time ago you enabled the ‘Security’ tab of the Kirby 3 GitHub repository. I think another improvement would be to add the GitHub Dependabot to get automatic notifications about security updates for dependencies which Kirby 3 relies on. What do you think?

For reference, see this:

https://help.github.com/en/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository

I created no GItHub issue because I’m not sure it belongs there.

Best Regards,

lukasbestle · June 28, 2020, 12:13pm

We have already enabled Dependabot alerts.

warg · June 28, 2020, 12:27pm

Glad to hear and it’s interesting to know. I remember how I was able to see these notifications or information on other repositories and saw nothing on this GitHub repository so I thought it was disabled. I didn’t know you can hide them from other ppl. Thank you for the information!

lukasbestle · June 28, 2020, 12:44pm

You can’t disable them for other people, you have to explicitly enable them for each user or GitHub team.