roundcubemail

Mirrors/roundcubemail

Fork 0

mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-06 16:16:48 +01:00

Commit Graph

Author	SHA1	Message	Date
Aleksander Machniak	4dac665065	Dependabot versioning-strategy set to "widen"	2024-06-09 09:08:37 +02:00
Pablo Zmdl	3d4c23e9b0	Make dependabot check dependencies for NPM and composer (#9479 ) * Make dependabot check dependencies for NPM and composer * Install JS dev requirements through package.json This way we can have them automatically checked for newer versions. * Add JS prod dependencies to packages.json for version tracking They are added as optional dependencies, so we can skip their installation with `--omit=optional` (as used in the Makefile), but we can still have them checked for version updates automatically. The package "publickey" is missing, because it's not available on npmjs.com, but it hasn't seen updates in years anyway. We probably should set up a different automatic check for updates nonetheless. * Remove npm-related files when preparing packaging	2024-06-08 09:13:23 +02:00
Naveen	7a93202c35	chore: Included githubactions in the dependabot config (#8574 ) This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure. Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>	2022-06-15 07:09:35 +02:00

Author

SHA1

Message

Date

Aleksander Machniak

4dac665065

Dependabot versioning-strategy set to "widen"

2024-06-09 09:08:37 +02:00

Pablo Zmdl

3d4c23e9b0

Make dependabot check dependencies for NPM and composer (#9479 )

* Make dependabot check dependencies for NPM and composer

* Install JS dev requirements through package.json

This way we can have them automatically checked for newer versions.

* Add JS prod dependencies to packages.json for version tracking

They are added as optional dependencies, so we can skip their
installation with `--omit=optional` (as used in the Makefile), but we
can still have them checked for version updates automatically.

The package "publickey" is missing, because it's not available on
npmjs.com, but it hasn't seen updates in years anyway. We probably
should set up a different automatic check for updates nonetheless.

* Remove npm-related files when preparing packaging

2024-06-08 09:13:23 +02:00

Naveen

7a93202c35

chore: Included githubactions in the dependabot config (#8574 )

This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.

Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot

GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>

2022-06-15 07:09:35 +02:00

3 Commits