secure-software-engineering · schlichtig · Aug 26, 2024 · Aug 23, 2024 · Aug 23, 2024 · Aug 23, 2024
diff --git a/.github/workflows/approve_dependabotifications.yml b/.github/workflows/approve_dependabotifications.yml
@@ -0,0 +1,25 @@
+name: Dependabot auto-approve
+on: pull_request
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ dependabot:
+ runs-on: ubuntu-latest
+ if: github.actor == 'dependabot[bot]'
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v2
+ with:
+ github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+ # Note: If you use status checks to test pull requests, you should enable Require status checks to pass before merging for the target branch for Dependabot pull requests. This branch protection rule ensures that pull requests are not merged unless all the required status checks pass. For more information, see "Managing a branch protection rule."
+ - name: Enable auto-merge for Dependabot PRs
+ # if: steps.metadata.outputs.update-type == 'version-update:semver-patch' && contains(steps.metadata.outputs.dependency-names, 'my-dependency')
+ run: gh pr merge --auto --merge "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/pom.xml b/pom.xml
@@ -173,7 +173,7 @@
  <dependency>
  <groupId>de.fraunhofer.iem</groupId>
  <artifactId>pathexpression</artifactId>
- <version>1.0.2</version>
+ <version>1.0.3</version>
  </dependency>
  <dependency>
  <groupId>org.soot-oss</groupId>