我正在使用 GitHub Dependabot.yml,版本 2。
version: 2
updates:
# Nuget Packages
- package-ecosystem: "nuget"
directory: "/"
schedule:
interval: "monthly"
version: 1
update_configs:
- package_manager: "dotnet:nuget"
directory: "/"
update_schedule: "monthly"
allowed_updates:
- match:
update_type: "security"
谢谢
最佳答案
是的,我遇到了同样的问题,然后我发现了这样的问题 github community thread .
I remembered where I saw this. When using the original dependabot from the marketplace one configuration option is to only perform security updates. I have that set from one of my repositories. There is now an option in the original dependabot to generate a dependabot.yml configuration file using the settings configured in the original dependabot (to assist in transitioning to using dependabot.yml). When I do so for the repository with only security updates enabled I receive this message:
You’re using unsupported features This repository is configured to only scan for security updates. Configuring security updates using the new config file is not supported. You can instead enable Dependabot Security Updates from the repository security settings page 18.
听起来像是在dependabot v2 中,他们已经将安全更新分离到UI 配置中,这与GitHub 操作 secret 一样糟糕。但是看起来您不再需要依赖机器人来为依赖项配置安全补丁。
如果这有帮助,请告诉我。
关于github - 如何让dependabot仅触发安全更新,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64047526/