{"id":21096403,"url":"https://github.com/githubtraining/exercise-use-dependabot","last_synced_at":"2025-05-16T15:34:47.328Z","repository":{"id":49224283,"uuid":"375804973","full_name":"githubtraining/exercise-use-dependabot","owner":"githubtraining","description":"A hands-on exercise using GitHub Actions. See README.md for instructions on how to get started.","archived":false,"fork":false,"pushed_at":"2021-06-22T21:24:10.000Z","size":346,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2023-05-22T10:55:15.742Z","etag":null,"topics":["exercise"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"cc-by-4.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/githubtraining.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-06-10T19:09:46.000Z","updated_at":"2021-09-10T15:32:52.000Z","dependencies_parsed_at":"2022-09-17T23:20:27.147Z","dependency_job_id":null,"html_url":"https://github.com/githubtraining/exercise-use-dependabot","commit_stats":null,"previous_names":[],"tags_count":null,"template":null,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubtraining%2Fexercise-use-dependabot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubtraining%2Fexercise-use-dependabot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubtraining%2Fexercise-use-dependabot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/githubtraining%2Fexercise-use-dependabot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/githubtraining","download_url":"https://codeload.github.com/githubtraining/exercise-use-dependabot/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225437171,"owners_count":17474264,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exercise"],"created_at":"2024-11-19T22:36:23.287Z","updated_at":"2024-11-19T22:36:24.045Z","avatar_url":"https://github.com/githubtraining.png","language":"JavaScript","readme":"# Welcome to the Use Dependabot exercise!\n\n⚠️ This repository contains an intentional vulnerability. The JQuery package being referenced is vulnerable. Do **not** update this dependency in the template repo as it is necessary for this exercise.\n\nThis is an exercise to check your knowledge on using Dependabot to automatically fix vulnerable dependencies in your repository. It is automatically graded via a workflow once you have completed the instructions.\n\n## About this exercise\n\n:warning: A grading script exists under `.github/workflows/grading.yml`. You do not need to use this workflow for any purpose and **altering its contents will affect the repository's ability to assess your exercise and give feedback.**\n\n:warning: This exercise utilizes [GitHub Actions](https://docs.github.com/en/actions), which is free for public repositories and self-hosted runners, but may incur charges on private repositories. See _[About billing for GitHub Actions]_ to learn more.\n\n:information_source: The use of GitHub Actions also means that it may take the grading workflow a few seconds and sometimes minutes to run.\n\n## Instructions\n\n\u003c!-- Specific instructions for your exercise --\u003e\n\nPlease complete the instructions below:\n\n1. Create your own copy of this repository by using the [Use this template](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template#creating-a-repository-from-a-template) button.\n2. Use what you have learned to enable Dependabot in this repository.\n3. Fix the vulnerability by merging the Pull Request opened by Dependabot.\n\n\u003c!-- Add your steps below starting with step 2 --\u003e\n\n## Seeing your result\n\nYour exercise is graded automatically once you have completed the instructions. To see the result of your exercise, go to the **Actions** tab, and see the most recent run on the **Grading** workflow. \u003c!-- specify expected Looking Glass display_type --\u003e\u003c!-- specific place to look --\u003e\n\nBelow is an example of an incorrect solution and where you can find the provided feedback in the **Grading results:**\n\n![Screen Shot 2021-06-14 at 3 55 54 PM](https://user-images.githubusercontent.com/6351798/121964796-4d598e00-cd29-11eb-8c0e-5a0cf3e73bae.png)\n\nSee _[Viewing workflow run history]_ if you need assistance.\n\n## Troubleshooting\n\nIf you are stuck with a step in the exercise or the grading workflow does not automatically run after you complete the instructions, run the troubleshooter: in the **Actions** tab select the **Grading workflow**, click **Run workflow**, select the appropriate branch, and click the **Run workflow** button.\n\n![](https://user-images.githubusercontent.com/6351798/119911013-b82b5c80-bf15-11eb-8feb-f2f838262f78.png)\n\nThe troubleshooter will either display useful information to help you understand what you might have done wrong in your exercise or redirect you to the documentation relevant to your exercise to help you out.\n\nSee _[Running a workflow on GitHub]_ if you need assistance.\n\n## Useful resources\n\nUse these to help you!\n\nResources specific to this exercise:\n\n- [Managing Dependabot security updates]\n- [Managing Dependabot version updates]\n\n\u003c!-- - Add further resources for the learner --\u003e\n\nResources for working with exercises and GitHub Actions in general:\n\n- [Creating a repository from a template]\n- [Viewing workflow run history]\n- [Running a workflow on GitHub]\n- [About billing for GitHub Actions]\n- [GitHub Actions]\n\n\u003c!--\nLinks used throughout this README:\n--\u003e\n\u003c!-- Edit the links below to be relevant --\u003e\n\n[creating a repository from a template]: https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template\n[viewing workflow run history]: https://docs.github.com/en/actions/managing-workflow-runs/viewing-workflow-run-history\n[running a workflow on github]: https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow#running-a-workflow-on-github\n[about billing for github actions]: https://docs.github.com/en/github/setting-up-and-managing-billing-and-payments-on-github/about-billing-for-github-actions\n[github actions]: https://docs.github.com/en/actions\n[managing dependabot security updates]: https://docs.github.com/en/code-security/getting-started/securing-your-repository#managing-dependabot-security-updates\n[managing dependabot version updates]: https://docs.github.com/en/code-security/getting-started/securing-your-repository#managing-dependabot-version-updates\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubtraining%2Fexercise-use-dependabot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgithubtraining%2Fexercise-use-dependabot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgithubtraining%2Fexercise-use-dependabot/lists"}