mirror of
https://github.com/plankanban/planka.git
synced 2026-02-25 03:14:50 +03:00
Automate dependency updates via Dependabot #486
Originally created by @mxr576 on GitHub (Apr 21, 2024).
With the growing number of consumers relying on the Planka project, it's essential to maintain its security and reliability. While leveraging GitHub's built-in package audit feature is a good start, configuring automated package updates through Dependabot GitHub Actions (GHA) can further enhance the project's robustness.
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
@meltyshev commented on GitHub (Apr 22, 2024):
Hi! Thank you for your comment. We get Dependabot alerts and try to monitor dependencies, but at the same time, we can't fully automate this process, because every time we also need to check what the update includes (it might have new vulnerabilities, backdoors, etc.), so we update them manually. There was also an issue with Dependabot where some PRs had a completely different version of a dependency that could cause the app to crash, but this may have been fixed long ago and we need to try again.
@meltyshev commented on GitHub (Apr 23, 2024):
We've updated all the packages and re-enabled Dependabot.
@mxr576 commented on GitHub (Apr 24, 2024):
Awesome 💪
Thanks!