Dependabot-core: GET repos endpoint error. Incompatible with "IP allow" rules?

Created on 13 Mar 2020 · 3 Comments · Source: dependabot/dependabot-core

So using GHEC with SSO and IP Allow whitelisting. I believe the PAT issued on my User is properly scoped for SSO in that Org, but my gut is telling me the IP allow is blocking your call into our Org? Only see a 500 on my side so hard to tell.

Any chance you have a dedicated CIDR block for dependabot I could whitelist to test?

All 3 comments

Hello, I'm the product owner for IP allow lists at GitHub. Thank you for reporting this!

We're looking into this deeper to see if there's a way we can better enable allow lists and Dependabot to work together. We'll reply back on this thread with an update when we've advanced our understanding.

@byjrack you can now use the GitHub-native version of Dependabot to update all of your dependencies (not just security) which has support for IP-allow lists.

You can read more about version updates here: https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/
Docs: https://help.github.com/en/github/administering-a-repository/keeping-your-dependencies-updated-automatically

Hm. I have the same question for a GitHub-native Dependabot.
I thought that it is consuming Git CIDR IPs - https://api.github.com/meta
But it's not like that.
@gpadak any updates so far?
