Skip to content

[WIP] Update Dependabot configuration for version updates#96

Merged
Bryan-Roe merged 1 commit into
mainfrom
copilot/update-dependency-configurations
Mar 28, 2026
Merged

[WIP] Update Dependabot configuration for version updates#96
Bryan-Roe merged 1 commit into
mainfrom
copilot/update-dependency-configurations

Conversation

Copilot AI commented Mar 28, 2026

Copy link
Copy Markdown
Contributor

Thanks for asking me to work on this. I will get started on it and keep this PR's description up to date as I form a plan and make progress.

fix # To get started with Dependabot version updates, you'll need to specify which

package ecosystems to update and where the package manifests are located.

Please see the documentation for more information:

https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates

https://containers.dev/guide/dependabot

version: 2
updates:

  • package-ecosystem: "devcontainers"
    directory: "/"
    schedule:
    interval: "weekly"

  • package-ecosystem: "pip"
    directory: "/"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(pip)"
    groups:
    python-dependencies:
    patterns:
    - "*"
    reviewers:

    • "Bryan-Roe"
  • package-ecosystem: "pip"
    directory: "/ai-projects/quantum-ml"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(quantum-ml)"
    groups:
    quantum-ml-deps:
    patterns:
    - "*"

  • package-ecosystem: "pip"
    directory: "/ai-projects/quantum-ml/production"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(quantum-prod)"
    groups:
    quantum-prod-deps:
    patterns:
    - "*"

  • package-ecosystem: "pip"
    directory: "/ai-projects/chat-cli"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(chat-cli)"
    groups:
    chat-cli-deps:
    patterns:
    - "*"

  • package-ecosystem: "pip"
    directory: "/ai-projects/cooking-ai"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(cooking-ai)"
    groups:
    cooking-ai-deps:
    patterns:
    - "*"

  • package-ecosystem: "pip"
    directory: "/ai-projects/llm-maker"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(llm-maker)"
    groups:
    llm-maker-deps:
    patterns:
    - "*"

  • package-ecosystem: "pip"
    directory: "/ai-projects/lora-training/microsoft_phi-silica-3.6_v1"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(lora)"
    groups:
    lora-deps:
    patterns:
    - "*"

  • package-ecosystem: "pip"
    directory: "/ai-projects/lora-training/quantum-ai"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(lora-quantum)"
    groups:
    lora-quantum-deps:
    patterns:
    - "*"

  • package-ecosystem: "pip"
    directory: "/mount"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "deps(mount)"
    groups:
    mount-deps:
    patterns:
    - "*"

  • package-ecosystem: "github-actions"
    directory: "/"
    schedule:
    interval: "weekly"
    commit-message:
    prefix: "ci"
    groups:
    github-actions:
    patterns:
    - "*"
    reviewers:

    • "Bryan-Roe"

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Copilot! 👋

Your private repo does not have access to Sourcery.

Please upgrade to continue using Sourcery ✨

Copilot AI requested a review from Bryan-Roe March 28, 2026 09:15
@Bryan-Roe Bryan-Roe marked this pull request as ready for review March 28, 2026 09:19
Copilot AI review requested due to automatic review settings March 28, 2026 09:19

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Bryan-Roe! 👋

Your private repo does not have access to Sourcery.

Please upgrade to continue using Sourcery ✨

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@Bryan-Roe Bryan-Roe requested review from Copilot and removed request for Bryan-Roe March 28, 2026 09:19

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@Bryan-Roe Bryan-Roe requested review from Bryan-Roe and Copilot March 28, 2026 09:19

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot wasn't able to review any files in this pull request.

@Bryan-Roe Bryan-Roe merged commit 3d253ef into main Mar 28, 2026
4 of 21 checks passed
@Bryan-Roe Bryan-Roe deleted the copilot/update-dependency-configurations branch March 28, 2026 11:14
Bryan-Roe added a commit that referenced this pull request May 16, 2026
…put (#306)

The `secrets_leak_guard.py` hook was interpolating matched pattern names
(e.g. `api_key, token`) directly into its stderr/stdout messages,
constituting clear-text logging of sensitive information ([CodeQL alert
#96](https://github.com/Bryan-Roe/Aria/security/code-scanning/96)).

## Changes

- **`.github/hooks/scripts/secrets_leak_guard.py`**: Remove `label = ",
".join(findings)` and its interpolation from both the block (`🛑`) and
warn (`⚠️`) messages. Detection is still reported; matched pattern names
are no longer echoed.

```python
# Before
label = ", ".join(findings)
print(f"🛑  SECRETS BLOCKED: Detected possible hardcoded secret ({label}){path_hint}. ...")

# After
print(f"🛑  SECRETS BLOCKED: Detected possible hardcoded secret{path_hint}. ...")
```

#### Potential fix for alerts ####
* [Clear-text logging of sensitive
information](https://github.com/Bryan-Roe/Aria/security/code-scanning/96)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants