Feature request: Include update-type in security update commits #11998
Unanswered
keattang
asked this question in
Code Security
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We have been trying to automate the merging of our dependabot security updates. To do this we followed the github docs on auto-merging dependabot PRs: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
We wish to only auto merge PRs that bump minor or patch versions as we want to manually merge and test the riskier major updates. The docs show you how to do this by inspecting the
update-type
metadata property. This doesn't work for security updates however as it appears they do not include theupdate-type
in the commit message and so it is not available in the metadata.This is a request to please include the
update-type
in security update commits. If there are any work arounds, that would also be greatly appreciated.Beta Was this translation helpful? Give feedback.
All reactions