
Dependabot Alerts

Notifications of Dependabot alerts across a GitHub organization.

dependabot-alerts lists the open Dependabot security alerts for every repository in a GitHub organization. You can run it from the command line:

$ dependabot-alerts <your_github_organization>

You'll need to have GitHub CLI (gh) installed and logged in (gh auth login). The tool talks to GitHub through gh, so the account you log in with must be allowed to view Dependabot alerts in the organization's repositories; alerts are not visible to every organization member, so an account without that access will simply see fewer (or no) alerts rather than an error.

There's also a GitHub Actions workflow that runs automatically on a schedule and notifies us in Slack of any Dependabot alerts in the hypothesis GitHub organization.
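The example below is added here to show the kind of processing the tool does; it is not the dependabot-alerts project's own code. It takes the JSON that `gh api --paginate /orgs/<org>/dependabot/alerts` prints (one JSON array per page, back to back, unless you pass `--slurp`), keeps only open alerts, groups them by repository and orders them by severity. The field names (`state`, `repository.full_name`, `dependency.package`, `security_advisory.severity`, `security_vulnerability.first_patched_version`, `html_url`) are those of GitHub's REST response for that endpoint; the payload embedded in the script is constructed sample data, including its placeholder advisory IDs.

```python
"""Summarise open Dependabot alerts for a GitHub organization.

Added example, not the dependabot-alerts project's code. Reads the output of
`gh api --paginate /orgs/<org>/dependabot/alerts` (several JSON arrays
concatenated) and prints open alerts grouped by repository.
"""
import json
import sys
from collections import defaultdict

# Sort order for the severity strings GitHub uses in security_advisory.severity.
SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample: two "pages" exactly as `gh api --paginate` emits them,
# i.e. one JSON array per page with no separator. Advisory IDs are placeholders.
SAMPLE_PAGES = """[
  {"number": 3, "state": "open",
   "repository": {"full_name": "example-org/api"},
   "dependency": {"package": {"ecosystem": "pip", "name": "requests"},
                  "manifest_path": "requirements.txt"},
   "security_advisory": {"ghsa_id": "GHSA-EXAMPLE-1", "severity": "high",
                         "summary": "constructed advisory A"},
   "security_vulnerability": {"first_patched_version": {"identifier": "9.9.9"}},
   "html_url": "https://github.com/example-org/api/security/dependabot/3"},
  {"number": 1, "state": "fixed",
   "repository": {"full_name": "example-org/api"},
   "dependency": {"package": {"ecosystem": "pip", "name": "urllib3"},
                  "manifest_path": "requirements.txt"},
   "security_advisory": {"ghsa_id": "GHSA-EXAMPLE-2", "severity": "medium",
                         "summary": "constructed advisory B"},
   "security_vulnerability": {"first_patched_version": {"identifier": "9.9.9"}},
   "html_url": "https://github.com/example-org/api/security/dependabot/1"}
]
[
  {"number": 5, "state": "open",
   "repository": {"full_name": "example-org/web"},
   "dependency": {"package": {"ecosystem": "npm", "name": "left-pad"},
                  "manifest_path": "package-lock.json"},
   "security_advisory": {"ghsa_id": "GHSA-EXAMPLE-3", "severity": "medium",
                         "summary": "constructed advisory C"},
   "security_vulnerability": {"first_patched_version": null},
   "html_url": "https://github.com/example-org/web/security/dependabot/5"},
  {"number": 7, "state": "open",
   "repository": {"full_name": "example-org/web"},
   "dependency": {"package": {"ecosystem": "npm", "name": "lodash"},
                  "manifest_path": "package-lock.json"},
   "security_advisory": {"ghsa_id": "GHSA-EXAMPLE-4", "severity": "critical",
                         "summary": "constructed advisory D"},
   "security_vulnerability": {"first_patched_version": {"identifier": "9.9.9"}},
   "html_url": "https://github.com/example-org/web/security/dependabot/7"}
]
"""


def parse_gh_api_pages(text):
    """Decode concatenated JSON arrays (one per page) into a single list."""
    decoder = json.JSONDecoder()
    alerts, pos = [], 0
    while True:
        while pos < len(text) and text[pos].isspace():  # raw_decode won't skip this
            pos += 1
        if pos >= len(text):
            return alerts
        page, pos = decoder.raw_decode(text, pos)
        alerts.extend(page)


def open_alerts_by_repo(alerts):
    """Keep alerts with state == "open", grouped by repo, worst severity first."""
    grouped = defaultdict(list)
    for alert in alerts:
        if alert.get("state") != "open":  # dismissed/fixed/auto_dismissed are noise here
            continue
        grouped[alert["repository"]["full_name"]].append(alert)
    for repo_alerts in grouped.values():
        repo_alerts.sort(key=lambda a: (
            SEVERITY_ORDER.get(a["security_advisory"]["severity"], 99), a["number"]))
    return dict(sorted(grouped.items()))


def severity_counts(grouped):
    """Total open alerts per severity across all repos."""
    counts = {}
    for repo_alerts in grouped.values():
        for alert in repo_alerts:
            sev = alert["security_advisory"]["severity"]
            counts[sev] = counts.get(sev, 0) + 1
    return counts


def format_report(grouped):
    """One line per repo, one indented line per alert, fix version if known."""
    lines = []
    for repo, repo_alerts in grouped.items():
        lines.append(f"{repo}: {len(repo_alerts)} open alert(s)")
        for alert in repo_alerts:
            pkg = alert["dependency"]["package"]
            # first_patched_version is null when no fixed release exists yet.
            patched = alert.get("security_vulnerability", {}).get("first_patched_version")
            fix = patched["identifier"] if patched else "no fix yet"
            lines.append(f"  [{alert['security_advisory']['severity']}] "
                         f"{pkg['ecosystem']}:{pkg['name']} in "
                         f"{alert['dependency']['manifest_path']} -> fix: {fix} "
                         f"({alert['html_url']})")
    return "\n".join(lines) if lines else "no open Dependabot alerts"


if __name__ == "__main__":
    # `python3 summarize_alerts.py -` reads gh output from stdin; no args uses the sample.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE_PAGES
    print(format_report(open_alerts_by_repo(parse_gh_api_pages(text))))
```

To run it against a real organization, pipe gh into it (the `state=open` filter and `per_page=100` are query parameters the endpoint accepts): `gh api --paginate "/orgs/<your_github_organization>/dependabot/alerts?state=open&per_page=100" | python3 summarize_alerts.py -`. The script name is an assumption. Alerts from repositories the logged-in account cannot see never appear in the response, which is why the permission note above matters for a report that is meant to be complete.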

Installing

We recommend using pipx to install Dependabot Alerts. First install pipx then run:

pipx install git+https://github.com/hypothesis/dependabot-alerts.git

You now have Dependabot Alerts installed! For some help run:

dependabot-alerts --help

Upgrading

To upgrade to the latest version run:

pipx upgrade dependabot-alerts

To see what version you have run:

dependabot-alerts --version

Uninstalling

To uninstall run:

pipx uninstall dependabot-alerts

Setting up Your Dependabot Alerts Development Environment

First you'll need to install:

  • Git. On Ubuntu: sudo apt install git, on macOS: brew install git.
  • GNU Make. This is probably already installed, run make --version to check.
  • pyenv. Follow the instructions in pyenv's README to install it. The Homebrew method works best on macOS; the Basic GitHub Checkout method works best on Ubuntu. You don't need to set up pyenv's shell integration ("shims"); you can use pyenv without shims.

Then to set up your development environment:

git clone https://github.com/hypothesis/dependabot-alerts.git
cd dependabot-alerts
make help

Changing the Project's Python Versions

To change what versions of Python the project uses:

  1. Change the Python versions in the cookiecutter.json file. For example:

    "python_versions": "3.10.4, 3.9.12",
  2. Re-run the cookiecutter template:

    make template
    
  3. Commit everything to git and send a pull request

Changing the Project's Python Dependencies

To change the production dependencies in the setup.cfg file:

  1. Change the dependencies in the .cookiecutter/includes/setuptools/install_requires file. If this file doesn't exist yet create it and add some dependencies to it. For example:

    pyramid
    sqlalchemy
    celery
    
  2. Re-run the cookiecutter template:

    make template
    
  3. Commit everything to git and send a pull request

To change the project's formatting, linting and test dependencies:

  1. Change the dependencies in the .cookiecutter/includes/tox/deps file. If this file doesn't exist yet create it and add some dependencies to it. Use tox's factor-conditional settings to limit which environment(s) each dependency is used in. For example:

    lint: flake8,
    format: autopep8,
    lint,tests: pytest-faker,
    
  2. Re-run the cookiecutter template:

    make template
    
  3. Commit everything to git and send a pull request
