AFAIK Dependabot doesn't have a great replacement for this. I'm not sure why the dependency reports stopped, but we could probably try to fix them - looks like they stopped working in October - https://lists.apache.org/list?dev@beam.apache.org:2021-10:dependency%20report. We still have the job which generates the empty reports - https://github.com/apache/beam/blob/fed35133ee1cb9eb0c5ec8a1b13a7c75835a1510/.test-infra/jenkins/job_Dependency_Check.groovy#L43
> Also, I noticed that some dependencies are outdated, yet not updated by Dependabot. Possibly, because a prior update PR was silenced. Is it possible to see the state of which dependencies are currently opted out? There's not an awesome view of this - looking through logs at https://github.com/apache/beam/network/updates/615364619 is the best I'm aware of, though it was promised a year and a half ago - https://github.com/dependabot/dependabot-core/issues/2255#issuecomment-838622025 On Mon, Feb 27, 2023 at 8:37 PM Valentyn Tymofieiev via dev < dev@beam.apache.org> wrote: > I noticed that human-readable dependency reports are not being generated. > Can this functionality be replaced with Dependabot? > > Does Dependabot provide a view of what is currently outdated from its > standpoint? > > Also, I noticed that some dependencies are outdated, yet not updated by > Dependabot. Possibly, because a prior update PR was silenced. Is it > possible to see the state of which dependencies are currently opted out? > > > Thanks! > > >
