[Feature] Handle dependabot alerts on a regular basis #573

Open
ashwani2k opened this issue Jan 10, 2023 · 0 comments
Labels
area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related area/quality Output qualification (tests, checks, scans, automation in general, etc.) related kind/enhancement Enhancement, improvement, extension lifecycle/rotten Nobody worked on this for 12 months (final aging stage)

Comments

Collaborator

ashwani2k commented Jan 10, 2023

Feature (What you would like to be added):
Manage the dependabot alerts in a structured way with each release by planning updates ahead, or close the PRs if they don't add value.

Motivation (Why is this needed?):
The repo was configured with dependabot, which should help in automatically managing upstream dependencies.
Currently these are ignored and are closed automatically when dependabot raises fresh PR for newer versions.

You can check the current open ones here -- https://github.com/gardener/etcd-backup-restore/pulls?q=is%3Apr+is%3Aopen+bump

Approach/Hint to implement the solution (optional):

  • Remove dependabot, as currently it's just ignored
  • Create a standard process which can include these PRs as part of milestones planned for the etcd-br release.
@ashwani2k ashwani2k added kind/enhancement Enhancement, improvement, extension area/open-source Open Source (community, enablement, contributions, conferences, CNCF, etc.) related area/quality Output qualification (tests, checks, scans, automation in general, etc.) related labels Jan 10, 2023
@gardener-robot gardener-robot added the lifecycle/stale Nobody worked on this for 6 months (will further age) label Sep 19, 2023
@gardener-robot gardener-robot added lifecycle/rotten Nobody worked on this for 12 months (final aging stage) and removed lifecycle/stale Nobody worked on this for 6 months (will further age) labels May 28, 2024