Securing your workflows - Update the dependency version

Hi! The task “Update the dependency version” is not working for me. I have made commits according to the instructions. The commit is made in the branch. However, I am not able to pull a merge request without reviewing the changes and getting “This branch has not been deployed” notification.
Once I approve the review, I simply merge the pull request but the bot does not recognise the changes made by me and nothing happens. Please advise what should I do?

Hi! Could you share a link to the course repository? That way people here can take a look, which increases the chance someone will have an idea. :slightly_smiling_face:

Hi! Thanks a lot!
Here it is GitHub - nadiiatara/security-on-github

Which of the pull requests are you stuck on?

The one that has an obvious problem is Add a `.gitignore` file by github-learning-lab · Pull Request #3 · nadiiatara/security-on-github · GitHub, where the content of the .gitignore file doesn’t match the instructions. You should be able to edit it.

I’m stuck with “Update the vulnerable dependency #1” (Update the vulnerable dependency by github-learning-lab · Pull Request #1 · nadiiatara/security-on-github · GitHub)
I’m not able to merge this pull request

After looking at the instructions in Find repository vulnerabilities · Issue #4 · nadiiatara/security-on-github · GitHub and the repository of that debug dependency I’m pretty sure the 801 version number is wrong, and there’s a bug in the tutorial because the bot didn’t complain about that. The latest release for that library is 4.3.2, and a hint in the issue gives a much lower expected version number for the security update. :thinking:

I hope fixing the version number helps!

1 Like

Thanks a lot for your help, do really appreciate it! Gonna try this version

1 Like