[StepSecurity] Apply security best practices #7278
Conversation
Signed-off-by: StepSecurity Bot <[email protected]>
We don't want daily updates, do we? Earlier elements of our config indicate we do this monthly.
I'd probably move to close. I like this tool, but I think we have this guidance handled already.
It's annoying that you cannot have a preview of the changes.
We know what this is doing. It's completely ignoring all of our configuration and adding new config at the bottom, running EVERY dependency independently, without grouping, daily.
This is not better than what we have today.
I definitely agree with you.
Hi @AugustinMauroy, thanks for using StepSecurity to create this PR. I wanted to mention why the tool added those sections. It is because the current Dependabot config only applies to the root package.json file and will not update dependencies in the package.json files in the
Also, you can preview changes when using the tool before creating a PR (screenshot below). Please let me know if you have any questions or comments. Happy to help and discuss any improvement ideas.
Oh wow, I didn't know that, that's super cool! Thanks.
Summary
This pull request is created by StepSecurity at the request of @AugustinMauroy. Please merge the Pull Request to incorporate the requested changes. Please tag @AugustinMauroy on your message if you have any questions related to the PR.
Security Fixes
Keeping your actions up to date with Dependabot
With Dependabot version updates, when Dependabot identifies an outdated dependency, it raises a pull request to update the manifest to the latest version of the dependency. This is recommended by GitHub as well as The Open Source Security Foundation (OpenSSF).
Feedback
For bug reports, feature requests, and general feedback, please email [email protected]. To create such PRs, please visit https://app.stepsecurity.io/securerepo.
Signed-off-by: StepSecurity Bot [email protected]
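The thread above objects to per-dependency daily updates being appended below the existing config, while the StepSecurity reply points out that a root-only `npm` entry never touches nested package.json files. The following `.github/dependabot.yml` is an added example written for this page (not the configuration this PR proposes and not the project's own file) showing how a single Dependabot v2 config covers both concerns: a monthly cadence, grouped pull requests, and a second npm directory. The `/apps/site` path, the group names, and the pull-request limit are assumptions chosen for illustration.

```yaml
# Added example for this page; not the config in the PR or in the project.
version: 2
updates:
  # Keep GitHub Actions current: one grouped PR per month instead of
  # one PR per action per day.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "monthly"
    groups:
      actions:
        patterns:
          - "*"

  # npm manifests. "/" is the root package.json; "/apps/site" is an
  # assumed nested directory standing in for the ones the reply refers to.
  - package-ecosystem: "npm"
    directories:
      - "/"
      - "/apps/site"
    schedule:
      interval: "monthly"
    groups:
      # Minor and patch bumps land together; majors still get their own PR
      # so breaking changes are reviewed individually.
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
    open-pull-requests-limit: 5
```

After committing the file, the repository's Insights > Dependency graph > Dependabot tab reports whether the config parsed and when each entry last ran, which is the quickest way to confirm that the nested directory is actually being scanned rather than silently skipped.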