[
https://issues.apache.org/jira/browse/HDDS-9171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17806483#comment-17806483
]
Attila Doroszlai commented on HDDS-9171:
----------------------------------------
[~erose], [~abhishek.pal], I think we need to revisit this.
Recon dependency version bumps tend to get no reviews. PRs stay in the queue
for weeks/months. New PRs for different dependencies also update the lockfile,
which is creating conflicts.
Thus, I think only a single Recon dependency PR should be open at the same
time. If it is still open when dependabot notices another potential version
bump, it should be updated, instead of creating a new PR. If that's not
possible with current dependabot automation, we should turn it off. We can
still rely on dependabot security alerts and create PRs manually.
> Resolve dependabot build issues when updating npm packages
> ----------------------------------------------------------
>
> Key: HDDS-9171
> URL: https://issues.apache.org/jira/browse/HDDS-9171
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: Ethan Rose
> Assignee: Abhishek Pal
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.4.0
>
>
> Dependabot has been enabled for the Ozone repository, but its builds are
> failing since it is only updating the lock file. This jira is to update
> .github/dependabot.yml so that the PRs are filed correctly. Example:
> https://github.com/apache/ozone/pull/5143
--
This message was sent by Atlassian Jira
(v8.20.10#820010)