[
https://ovirt-jira.atlassian.net/browse/OVIRT-2870?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Evgheni Dereveanchin reassigned OVIRT-2870:
-------------------------------------------
Assignee: Krapali Rai (was: infra)
> disable dependabot PRs for github repos that are gerrit mirrors
> ---------------------------------------------------------------
>
> Key: OVIRT-2870
> URL: https://ovirt-jira.atlassian.net/browse/OVIRT-2870
> Project: oVirt - virtualization made easy
> Issue Type: Outage
> Reporter: Evgheni Dereveanchin
> Assignee: Krapali Rai
>
> GitHub recently enabled dependabot which automatically sends PRs to bump
> versions of libraries that received security updates.
> In our case, a lot of repos are just mirrors of gerrit repos so no PRs need
> to be sent there.
> This ticket is to disable dependabot on such repos. Some examples:
> https://github.com/oVirt/ovirt-engine/pulls
> https://github.com/oVirt/jenkins/pulls
> https://github.com/oVirt/ovirt-vdsmfake/pulls
> To disable these PRs it is enough to go to the security tab of the mirror
> project and unclick the checkbox in the "Automatic serurity updates" menu
--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100121)
_______________________________________________
Infra mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/[email protected]/message/E5I6OAPYWPDIZ6HGFXGL2E2YQ3GIIYNR/
