ci(deps): add dependabot config for gomod and github actions#27
Merged
Conversation
Weekly version updates for the root and tools Go modules and for GitHub Actions. Commit prefixes use non-releasing types (build/ci) so dependabot PRs pass the conventional-title check without triggering releases.
Resolves both Dependabot alerts (moderate: sensitive data leak in logs on malformed input). Transitive dependency of the tools module only; the shipped binary is unaffected.
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #27 +/- ##
=======================================
Coverage 78.17% 78.17%
=======================================
Files 10 10
Lines 1283 1283
=======================================
Hits 1003 1003
Misses 204 204
Partials 76 76 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Complements the repo security settings enabled today (Dependabot alerts + security updates, secret scanning with push protection, private vulnerability reporting, CodeQL default setup): this config adds proactive weekly version updates on top of the reactive security-only ones.
gomodfor the root module andtools/module.github-actionsfor workflow actions (so the majors bumped in ci(badges): upload coverage to codecov and add README badges #24 stay current automatically).build(deps)/ci(deps)— pass the Conventional PR Title check and are non-releasing per docs/releasing.md.