[Feature] Handle dependabot alerts on a regular basis #573
Labels
area/open-source
Open Source (community, enablement, contributions, conferences, CNCF, etc.) related
area/quality
Output qualification (tests, checks, scans, automation in general, etc.) related
kind/enhancement
Enhancement, improvement, extension
lifecycle/rotten
Nobody worked on this for 12 months (final aging stage)
Feature (What you would like to be added):
Manage the dependabot alerts in a structured way with each release by planning updates ahead or closing the PRs if they don't add value.
Motivation (Why is this needed?):
The repo was configured with dependabot, which should help in automatically managing upstream dependencies. Currently these are ignored and are closed automatically when dependabot raises a fresh PR for newer versions. You can check the current open ones here: https://github.com/gardener/etcd-backup-restore/pulls?q=is%3Apr+is%3Aopen+bump
Approach/Hint to the implement solution (optional):