[MediaWiki-l] GitHub's "Automated Security Fixes" have been disabled on the Wikimedia Org

Sam Reed reedy at wikimedia.org
Sat Nov 9 01:42:37 UTC 2019


Just a heads up that "Automated Security Fixes" have been disabled on the
Wikimedia GitHub org. See [1].

The reason for this is that it generates pull requests on non-canonical
repositories (i.e. where Gerrit is the default development location) that
require developers to close them.

If this is a feature you want on your repo generally, because you
canonically develop on GitHub, you can re-enable these on your repo by
clicking the "Security" tab, and then selecting "Automated Security Fixes"
in the top right corner. See [2] for more info. If you do develop
canonically in GitHub, please let us know at [3].

Note, this doesn't affect the security alerts related to outdated packages
etc. in a repo.

Thanks!


Sam

[1] https://phabricator.wikimedia.org/T237337
[2] https://help.github.com/en/github/managing-security-vulnerabilities/configuring-automated-security-fixes
[3] https://phabricator.wikimedia.org/T237470
[4] https://help.github.com/en/github/managing-security-vulnerabilities/viewing-and-updating-vulnerable-dependencies-in-your-repository

