[PR #6987] [CLOSED] 3x8 dependabot #16726

Closed
opened 2026-04-23 08:03:52 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/6987
Author: @TriplEight
Created: 3/22/2026
Status: Closed

Base: mainHead: 3x8_dependabot


📝 Commits (5)

  • 3337014 ci: remove dead BASE_TAGS reference in release bake step
  • 2f831e3 ci: replace unsecured curl hadolint download with an official action
  • 2e2b9c1 ci: pin ubuntu-latest to ubuntu-24.04 in merge-manifests and zizmor
  • 0442de2 Merge pull request #1 from TriplEight/3x8_improve-ci
  • 695b8de ci: add Dependabot config for github-actions and cargo.

📊 Changes

4 files changed (+52 additions, -13 deletions)

View changed files

.github/dependabot.yml (+39 -0)
📝 .github/workflows/hadolint.yml (+11 -10)
📝 .github/workflows/release.yml (+1 -2)
📝 .github/workflows/zizmor.yml (+1 -1)

📄 Description

add Dependabot config for github-actions and cargo.

Weekly schedule (Mondays), 7-day cooldown, grouped updates to keep PR
noise low. Actions updates prefixed ci, Cargo prefixed deps. Major
version bumps for Cargo crates are ignored - those are for manualreview
given they can introduce breaking API or behaviour changes.

After merging this, go to settings -> Advanced security and turn everything on.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/6987 **Author:** [@TriplEight](https://github.com/TriplEight) **Created:** 3/22/2026 **Status:** ❌ Closed **Base:** `main` ← **Head:** `3x8_dependabot` --- ### 📝 Commits (5) - [`3337014`](https://github.com/dani-garcia/vaultwarden/commit/3337014f939d13d7971292220d8b6edba7026e0b) ci: remove dead BASE_TAGS reference in release bake step - [`2f831e3`](https://github.com/dani-garcia/vaultwarden/commit/2f831e386e152895a67dd7f78ae255fae8d76000) ci: replace unsecured curl hadolint download with an official action - [`2e2b9c1`](https://github.com/dani-garcia/vaultwarden/commit/2e2b9c131df9d0980b18c1ce4fff93ec1ecd492f) ci: pin ubuntu-latest to ubuntu-24.04 in merge-manifests and zizmor - [`0442de2`](https://github.com/dani-garcia/vaultwarden/commit/0442de234285540666008311354aae789ceddcc2) Merge pull request #1 from TriplEight/3x8_improve-ci - [`695b8de`](https://github.com/dani-garcia/vaultwarden/commit/695b8dec9e487ff8ce996697722a7ed24405e98b) ci: add Dependabot config for github-actions and cargo. ### 📊 Changes **4 files changed** (+52 additions, -13 deletions) <details> <summary>View changed files</summary> ➕ `.github/dependabot.yml` (+39 -0) 📝 `.github/workflows/hadolint.yml` (+11 -10) 📝 `.github/workflows/release.yml` (+1 -2) 📝 `.github/workflows/zizmor.yml` (+1 -1) </details> ### 📄 Description add Dependabot config for github-actions and cargo. Weekly schedule (Mondays), 7-day cooldown, grouped updates to keep PR noise low. Actions updates prefixed `ci`, Cargo prefixed `deps`. Major version bumps for Cargo crates are ignored - those are for manualreview given they can introduce breaking API or behaviour changes. After merging this, go to settings -> Advanced security and turn everything on. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-23 08:03:52 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#16726