Many repos do not have a dependabot.yml file to keep actions updated (context: nextstrain/shared@3eaee3a).
- chikv
- forecasts-flu
- hmpv
- infra
- oropouche
- pathogen-repo-guide
- rabies
- rubella
- seasonal-cov
- status
- tb
- tb-docker-test
- yellow-fever
Command used to generate list
gh api graphql -f query='
query($org: String!, $endCursor: String) {
organization(login: $org) {
repositories(first: 100, after: $endCursor, isArchived: false) {
nodes {
nameWithOwner
workflows: object(expression: "HEAD:.github/workflows") {
__typename
}
dependabot: object(expression: "HEAD:.github/dependabot.yml") {
__typename
}
}
}
}
}
' -F org=nextstrain \
| jq -r '
.data.organization.repositories.nodes[]
| select(.workflows != null and .dependabot == null)
| .nameWithOwner
' | sort
Adding the dependabot.yml file will facilitate version bumps for Node.js 20 actions such as actions/cache@v4 (usage). Those will stop working on September 16th, 2026 according to warnings for actions/cache@v4.
Many repos do not have a dependabot.yml file to keep actions updated (context: nextstrain/shared@3eaee3a).
Command used to generate list
Adding the dependabot.yml file will facilitate version bumps for Node.js 20 actions such as actions/cache@v4 (usage). Those will stop working on September 16th, 2026 according to warnings for actions/cache@v4.