Skip to content

Implement GitHub Dependabot Configuration for Automated Vulnerability Scanning and resolution #1753

Description

@jimmypalelil

Objective

Automate vulnerability scanning and resolution for dependencies across the codebase by introducing a standard Dependabot configuration.

Tasks & Requirements

Create and commit a .github/dependabot.yml configuration file to the root of the repository with the following specifications:

  • Security Updates: Configure security updates to run daily for all relevant dependency ecosystems used in the project (e.g., poetry for Python/Flask, pnpm for Node/Firebase).
  • Version Updates: Configure routine version updates on a weekly schedule to scan for non-vulnerable updates and keep dependencies current.
  • Default Reviewers: Automatically assign the default reviewer group to the pull requests

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions