Skip to content

Automated Dependency Updates with Security Scanning #168

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
OBenner wants to merge 13 commits into
base: develop
Choose a base branch
from
Open

Automated Dependency Updates with Security Scanning #168

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
1710878
ci(dependency-updates): create dependency-updates.yml workflow file
Mar 20, 2026
006a0dd
feat(runners): add --create-pr flag to dependency_update_runner.py
Mar 20, 2026
3646359
feat(runners): implement PR creation using gh CLI with GHClient
Mar 20, 2026
7ab62d2
ci(workflow): add PR creation trigger to dependency updates workflow
Mar 20, 2026
600327d
feat(dependencies): create notification module for vulnerability alerts
Mar 20, 2026
1778532
ci(workflow): add notification trigger for vulnerability alerts
Mar 20, 2026
bd3c865
feat(dependency-updates): create dependency-updates.config.json schem…
Mar 20, 2026
1cfb1e7
feat(runners): add config loading to dependency_update_runner.py
Mar 20, 2026
b795c36
feat(backend): implement auto-approval logic for patch updates
Mar 20, 2026
15d4103
test(dependency-updates): add integration test for workflow
Mar 20, 2026
d13ce0d
docs(dependency-updates): add GitHub Actions automation documentation
Mar 20, 2026
936da4a
docs: add subtask 5-3 completion summary and verification report
Mar 20, 2026
edffc76
fix(dependency-updates): resolve pytest collection failures and impor…
Mar 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
85 changes: 85 additions & 0 deletions .github/dependency-updates.config.json.example
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
{
"$schema": "./dependency-updates.schema.json",
"version": 1,
"description": "Configuration for automated dependency updates with security scanning",

"scan": {
"ecosystems": ["python", "node"],
"directories": {
"python": "apps/backend",
"node": ["apps/frontend", "apps/web-frontend"]
},
"schedule": {
"interval": "weekly",
"day": "monday",
"hour": 0
},
"security_only": false,
"severity_threshold": "high"
},

"auto_approval": {
"enabled": true,
"patch_updates": true,
"minor_updates": false,
"allowlisted_packages": [
{
"name": "pytest",
"ecosystem": "python",
"auto_approve": "minor"
},
{
"name": "lodash",
"ecosystem": "node",
"auto_approve": "patch"
}
],
"blocklisted_packages": [
{
"name": "breaking-package",
"ecosystem": "python",
"reason": "Known breaking changes in major versions"
}
]
},

"pull_requests": {
"enabled": true,
"labels": ["dependencies", "auto-update"],
"assignees": [],
"reviewers": [],
"draft": false,
"max_concurrent": 5,
"commit_message": {
"prefix": "chore(deps)",
"include_scope": true
}
},

"notifications": {
"enabled": true,
"min_severity": "high",
"create_issues": true,
"issue_labels": ["security", "vulnerability"],
"comment_on_pr": true
},

"limits": {
"max_updates_per_run": 20,
"max_prs_per_day": 10,
"timeout_minutes": 30
},

"groups": {
"security_updates": {
"name": "Security Vulnerability Fixes",
"description": "Automated security updates for critical vulnerabilities",
"exclude": []
},
"dev_dependencies": {
"name": "Development Dependencies",
"description": "Updates for development tools and testing libraries",
"patterns": ["@types/*", "*-dev", "*-test"]
}
}
}
267 changes: 267 additions & 0 deletions .github/dependency-updates.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,267 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://github.com/OBenner/Auto-Claude/dependency-updates.schema.json",
"title": "Dependency Updates Configuration",
"description": "Configuration schema for automated dependency updates with security scanning",
"type": "object",
"required": ["version", "scan"],
"properties": {
"version": {
"type": "integer",
"description": "Configuration schema version",
"minimum": 1
},
"description": {
"type": "string",
"description": "Human-readable description of this configuration"
},
"scan": {
"type": "object",
"description": "Scan configuration settings",
"required": ["ecosystems"],
"properties": {
"ecosystems": {
"type": "array",
"description": "Package ecosystems to scan",
"items": {
"type": "string",
"enum": ["python", "node", "github-actions"]
},
"minItems": 1
},
"directories": {
"type": "object",
"description": "Directories to scan for each ecosystem",
"additionalProperties": {
"oneOf": [
{ "type": "string" },
{ "type": "array", "items": { "type": "string" } }
]
}
},
"schedule": {
"type": "object",
"description": "Scan schedule configuration",
"properties": {
"interval": {
"type": "string",
"enum": ["daily", "weekly", "monthly"],
"default": "weekly"
},
"day": {
"type": "string",
"enum": ["monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"],
"default": "monday"
},
"hour": {
"type": "integer",
"minimum": 0,
"maximum": 23,
"default": 0
}
}
},
"security_only": {
"type": "boolean",
"description": "Only scan for security vulnerabilities",
"default": false
},
"severity_threshold": {
"type": "string",
"enum": ["critical", "high", "medium", "low"],
"description": "Minimum severity level to report",
"default": "high"
}
}
},
"auto_approval": {
"type": "object",
"description": "Automatic approval settings for dependency updates",
"properties": {
"enabled": {
"type": "boolean",
"default": false
},
"patch_updates": {
"type": "boolean",
"description": "Auto-approve patch version updates (X.Y.Z -> X.Y.Z+1)",
"default": false
},
"minor_updates": {
"type": "boolean",
"description": "Auto-approve minor version updates (X.Y.Z -> X.Y+1.0)",
"default": false
},
"allowlisted_packages": {
"type": "array",
"description": "Packages that can be auto-approved with specific rules",
"items": {
"type": "object",
"required": ["name", "ecosystem"],
"properties": {
"name": {
"type": "string",
"description": "Package name or pattern"
},
"ecosystem": {
"type": "string",
"enum": ["python", "node", "github-actions"]
},
"auto_approve": {
"type": "string",
"enum": ["patch", "minor", "major"],
"description": "Maximum version level to auto-approve"
}
}
}
},
"blocklisted_packages": {
"type": "array",
"description": "Packages that should never be auto-approved",
"items": {
"type": "object",
"required": ["name", "ecosystem"],
"properties": {
"name": {
"type": "string",
"description": "Package name or pattern"
},
"ecosystem": {
"type": "string",
"enum": ["python", "node", "github-actions"]
},
"reason": {
"type": "string",
"description": "Why this package is blocklisted"
}
}
}
}
}
},
"pull_requests": {
"type": "object",
"description": "Pull request creation settings",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"labels": {
"type": "array",
"description": "Labels to add to created PRs",
"items": { "type": "string" }
},
"assignees": {
"type": "array",
"description": "Users to assign to created PRs",
"items": { "type": "string" }
},
"reviewers": {
"type": "array",
"description": "Reviewers to request for created PRs",
"items": { "type": "string" }
},
"draft": {
"type": "boolean",
"description": "Create PRs as drafts",
"default": false
},
"max_concurrent": {
"type": "integer",
"description": "Maximum concurrent open PRs",
"minimum": 1,
"default": 5
},
"commit_message": {
"type": "object",
"properties": {
"prefix": {
"type": "string",
"default": "chore(deps)"
},
"include_scope": {
"type": "boolean",
"default": true
}
}
}
}
},
"notifications": {
"type": "object",
"description": "Notification settings for vulnerabilities",
"properties": {
"enabled": {
"type": "boolean",
"default": true
},
"min_severity": {
"type": "string",
"enum": ["critical", "high", "medium", "low"],
"default": "high"
},
"create_issues": {
"type": "boolean",
"description": "Create GitHub issues for critical vulnerabilities",
"default": true
},
"issue_labels": {
"type": "array",
"description": "Labels to add to vulnerability issues",
"items": { "type": "string" }
},
"comment_on_pr": {
"type": "boolean",
"description": "Comment on PRs about security updates",
"default": true
}
}
},
"limits": {
"type": "object",
"description": "Resource limits and throttling",
"properties": {
"max_updates_per_run": {
"type": "integer",
"minimum": 1,
"default": 20
},
"max_prs_per_day": {
"type": "integer",
"minimum": 1,
"default": 10
},
"timeout_minutes": {
"type": "integer",
"minimum": 1,
"default": 30
}
}
},
"groups": {
"type": "object",
"description": "Update groups for batched PRs",
"additionalProperties": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"description": {
"type": "string"
},
"exclude": {
"type": "array",
"items": { "type": "string" }
},
"patterns": {
"type": "array",
"description": "Package patterns to include in this group",
"items": { "type": "string" }
}
}
}
}
}
}
Loading
Loading