Dependency Updates#
Keeping the pinned dependencies a repository consumes — Action and workflow SHAs, container base images, language packages, Terraform providers and modules — current and free of known vulnerabilities, through automated update pull requests that are reviewed and released like any other change.
| Page | Description |
|---|---|
| Spec | Requirements for dependency updates — pinned dependencies kept current and secure through reviewed, released update pull requests. |
| Design | How dependency updates are built — Dependabot update PRs, a label scheme kept disjoint from release labels, and level-based auto-merge. |