The recently enabled depandabot has opened a few PRs, that we should handle somehow.
Some of those PRs, like the Hadoop versions changes are obviously non-starters, as they would break the project, or at the very least our test infra. However, some of them are relevant, and risk-free. Our current policy is that every commit should have a corresponding JIRA, obviously the github bot doesn' create JIRAs. We could - Ignore the Github PR, and just open a separate JIRA with a patch for the update - Open a JIRA, clone the GitHub PR, and change the description to include the JIRA - Something else, like modifying the dependabot PR directly to add the JIRA (not sure how/if that would work). - Skip the JIRA, and just directly commit the dependabot PR (would cause problems with the Release notes, and our pre-release checklists) I have opened OMID-211 according to the 2nd option here: https://issues.apache.org/jira/browse/OMID-221 What do you think ? Istvan
