I do not find the dependency reports to have a useful signal-to-noise
ratio, personally. I do like Dependabot if we could make our project more
legible to it, if that is an issue.

Kenn

On Tue, Feb 28, 2023 at 7:56 AM Danny McCormick via dev <dev@beam.apache.org>
wrote:

> AFAIK Dependabot doesn't have a great replacement for this. I'm not sure
> why the dependency reports stopped, but we could probably try to fix them -
> looks like they stopped working in October -
> https://lists.apache.org/list?dev@beam.apache.org:2021-10:dependency%20report.
> We still have the job which generates the empty reports -
> https://github.com/apache/beam/blob/fed35133ee1cb9eb0c5ec8a1b13a7c75835a1510/.test-infra/jenkins/job_Dependency_Check.groovy#L43
>
> > Also, I noticed that some dependencies are outdated, yet not updated by
> > Dependabot. Possibly, because a prior update PR was silenced. Is it
> > possible to see the state of which dependencies are currently opted out?
>
> There's not an awesome view of this - looking through logs at
> https://github.com/apache/beam/network/updates/615364619 is the best I'm
> aware of, though it was promised a year and a half ago -
> https://github.com/dependabot/dependabot-core/issues/2255#issuecomment-838622025
>
> On Mon, Feb 27, 2023 at 8:37 PM Valentyn Tymofieiev via dev <
> dev@beam.apache.org> wrote:
>
>> I noticed that human-readable dependency reports are not being generated.
>> Can this functionality be replaced with Dependabot?
>>
>> Does Dependabot provide a view of what is currently outdated from its
>> standpoint?
>>
>> Also, I noticed that some dependencies are outdated, yet not updated by
>> Dependabot. Possibly, because a prior update PR was silenced. Is it
>> possible to see the state of which dependencies are currently opted out?
>>
>>
>> Thanks!
>>
>>
>>
