Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FR] Consider using DependaBot for automatic dependencies upgrade #2596

Open
SmashingQuasar opened this issue Jun 14, 2024 · 1 comment
Open

Comments

@SmashingQuasar
Copy link

Is your feature request related to a problem? Please describe.

When working on projects for my clients, I always setup a pnpm audit && yarn audit as a blocking step of my CI pipeline to ensure no known vulnerabilities are going to production.
The firebase-admin-node package has had vulnerable dependencies detected several times which led me to invest time and energy opening issues and PRs.

Describe the solution you'd like

I would like the maintainers of this repository to setup DependaBot or any similar solution so the dependencies upgrade for vulnerabilities do not have to be done manually every time one is detected.

Describe alternatives you've considered

My current alternative is opening issues and PRs manually on the repository.

Additional context

You can find a quickstart guide for DependaBot on Github Docs.

@google-oss-bot
Copy link

I found a few problems with this issue:

  • I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
  • This issue does not seem to follow the issue template. Make sure you provide all the required information.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants