Allison details the new Dependabot support for automatic version updates in vcpkg, enabling C/C++ projects to maintain secure and current dependencies within GitHub workflows.

Dependabot Adds Version Update Support for vcpkg

Dependabot now supports automatic version updates for vcpkg, Microsoft’s free C/C++ package manager. This new integration allows teams to keep their C and C++ project dependencies automatically updated, improving project security and maintainability.

How it works

  • Automatic Monitoring: Once enabled, Dependabot will monitor your project’s vcpkg.json manifest files.
  • Version Updates: Dependabot generates pull requests that update the builtin-baseline commit hash to keep dependencies in sync with the latest versions from the vcpkg port repository.
  • Scope: This feature applies specifically to version updates (not security updates).

Getting Started

  1. Configure Dependabot:
    • Add a vcpkg configuration entry to your project’s .github/dependabot.yml file to enable monitoring and updating of vcpkg dependencies.
    • Refer to the Dependabot options reference for supported configuration options.
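A configuration entry for step 1, added here as an example and not taken from the original post. The directory, schedule, pull request limit, label and commit prefix values are assumptions to adapt to your repository.

```yaml
# .github/dependabot.yml
version: 2
updates:
  - package-ecosystem: "vcpkg"
    # Location of the vcpkg.json manifest to monitor (assumed: repository root)
    directory: "/"
    schedule:
      # Assumed cadence; "daily" and "monthly" are also accepted
      interval: "weekly"
    # Assumed cap on simultaneously open version-update pull requests
    open-pull-requests-limit: 5
    # Assumed label, used to route baseline bumps to the right reviewers
    labels:
      - "dependencies"
    # Assumed prefix, makes baseline bumps easy to find in commit history
    commit-message:
      prefix: "deps"
```

With this entry in place, the pull requests Dependabot opens change the builtin-baseline commit hash in vcpkg.json, so that is the line to check in review.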

Additional Resources

Teams using C and C++ with vcpkg can now benefit from greater automation in managing their dependencies within GitHub repositories.

This post appeared first on “The GitHub Blog”.