GitHub's "Automated Security Fixes" have been disabled on the Wikimedia Org

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

GitHub's "Automated Security Fixes" have been disabled on the Wikimedia Org

reedy
Just a heads up that "Automated Security Fixes" have been disabled on the
Wikimedia GitHub org. See [1]

The reason for this is that it generates pull requests on non canonical
repositories (ie where Gerrit is the default development location) that
require developers to close them.

If this is a feature you want on your repo generally, because you
canonically develop on GitHub, you can re-enable these on your repo by
clicking the "Security" tab, and then selecting "Automated Security Fixes"
in the top right corner. See [2] for more info. If you do develop
canonically in GitHub, please let us know at [3].

Note, this doesn't affect the security alerts related to outdated packages
etc in a repo.

Thanks!


Sam

[1] https://phabricator.wikimedia.org/T237337
[2]
https://help.github.com/en/github/managing-security-vulnerabilities/configuring-automated-security-fixes
[3] https://phabricator.wikimedia.org/T237470
[4]
https://help.github.com/en/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l