[FR] Consider using DependaBot for automatic dependencies upgrade #2596

SmashingQuasar · 2024-06-14T09:26:44Z

Is your feature request related to a problem? Please describe.

When working on projects for my clients, I always setup a pnpm audit && yarn audit as a blocking step of my CI pipeline to ensure no known vulnerabilities are going to production.
The firebase-admin-node package has had vulnerable dependencies detected several times which led me to invest time and energy opening issues and PRs.

Describe the solution you'd like

I would like the maintainers of this repository to setup DependaBot or any similar solution so the dependencies upgrade for vulnerabilities do not have to be done manually every time one is detected.

Describe alternatives you've considered

My current alternative is opening issues and PRs manually on the repository.

Additional context

You can find a quickstart guide for DependaBot on Github Docs.

The text was updated successfully, but these errors were encountered:

google-oss-bot · 2024-06-14T09:26:48Z

I found a few problems with this issue:

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
This issue does not seem to follow the issue template. Make sure you provide all the required information.

SmashingQuasar added the type: feature request label Jun 14, 2024

google-oss-bot added the needs-triage label Jun 14, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[FR] Consider using DependaBot for automatic dependencies upgrade #2596

[FR] Consider using DependaBot for automatic dependencies upgrade #2596

[FR] Consider using DependaBot for automatic dependencies upgrade #2596

[FR] Consider using DependaBot for automatic dependencies upgrade #2596

Comments