Closed Bug 1483529 Opened 7 years ago Closed 7 years ago

Accept updated GitHub permissions for app 'Renovate'

Categories

(mozilla.org :: Github: Administration, task)

Product:
mozilla.org
Component:
Github: Administration
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1479481

People

(Reporter: emorley, Assigned: hwine)

Details

Hi! The Renovate GitHub app is requesting additional permissions (access to "Security vulnerability reports") so that is can expedite dependency updates when they are vulnerable (rather than waiting for the normal update schedule): https://renovatebot.com/blog/github-vulnerability-alerts Please can a mozilla admin accept the new permissions? https://github.com/apps/renovate/installations/72227/permissions Many thanks :-)
Thanks for stating the need -- we do not accept additional permission requests until someone makes a case for it :) This also translates into an immediate signal that there may be a zero day in the app. I'll replicate what we did for mozilla-services. I'll open an issue on all current repos using renovate, notifying them of the upcoming change. That will give them a chance to configure to _not_ have the zero-day PR's made for their repos. I'll update here when I've done that.
Assignee: nobody → hwine
woops - got my orgs mixed up -- it's this org that process is underway in :/
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.