Explicitly configure dependabot so it detects more than just root-level Python. #79

Open
erikrose wants to merge 1 commit into main from erik/configure-dependabot

@erikrose erikrose commented Apr 2, 2026

No description provided.

@erikrose erikrose requested a review from posborne April 2, 2026 17:07
Comment thread .github/dependabot.yml
- package-ecosystem: "cargo"
directories:
- "/"
- "/crates/wasiless"
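
Review bot: The cargo `directories` list names each crate path by hand ("/" and "/crates/wasiless"), so a crate added to the repository later would not be scanned until someone remembers to edit this file. Dependabot accepts glob patterns in `directories`, so an entry such as "/crates/*" next to "/" would pick up new crates automatically. Alternatively, moving the crates to workspace-level dependencies would leave a single manifest to track, and the second entry could then be dropped.
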
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could probably make this use workspace deps which would reduce things down to a single manifest that needs to be considered.

Member Author

@erikrose erikrose Apr 2, 2026

I'm for it, though I'm having no luck at the moment due to a wit-bindgen version conflict that doesn't want to resolve. I also now doubt this explicit config is necessary, as dependabot's failure to open PRs for Rust packages may be due to it detecting those vulns before we had enabled PR-filing.
