[
https://issues.apache.org/jira/browse/HDDS-9171?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17807466#comment-17807466
]
Attila Doroszlai edited comment on HDDS-9171 at 1/16/24 10:05 PM:
------------------------------------------------------------------
bq. I think part of the problem with reviews is that people are not sure what
process to follow to verify that the change does not introduce problems
Agree, I'm not sure either.
bq. Would this be one PR open at a time per dependency, or one PR for one
dependency that must be merged before another PR for a different dependency is
filed?
One PR (for Recon dependencies) total.
With the current approach the same PNPM dependencies may be upgraded in
multiple PRs. In each PR, the first commit (the one from dependabot) is
focused on the specific dependency; the second commit (generated by the
automation added for this task) updates everything it can (any dependencies with
only a lower bound). E.g. compare [PR
6004|https://github.com/apache/ozone/pull/6004/files] and [PR
6005|https://github.com/apache/ozone/pull/6005/files]. So the PR/commit title
does not reflect the actual change.
was (Author: adoroszlai):
bq. I think part of the problem with reviews is that people are not sure what
process to follow to verify that the change does not introduce problems
Agree, I'm not sure either.
bq. Would this be one PR open at a time per dependency, or one PR for one
dependency that must be merged before another PR for a different dependency is
filed?
One PR (for Recon dependencies) total.
With the current approach the same PNPM dependencies may be upgraded in
multiple PRs. The first commit, from dependabot, is focused on the specific
dependency; the second commit, generated by the automation added for this task,
updates everything it can (any dependencies with only a lower bound). E.g.
compare [PR 6004|https://github.com/apache/ozone/pull/6004/files] and [PR
6005|https://github.com/apache/ozone/pull/6005/files]. So the PR/commit title
does not reflect the actual change.
> Resolve dependabot build issues when updating npm packages
> ----------------------------------------------------------
>
> Key: HDDS-9171
> URL: https://issues.apache.org/jira/browse/HDDS-9171
> Project: Apache Ozone
> Issue Type: Improvement
> Reporter: Ethan Rose
> Assignee: Abhishek Pal
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.4.0
>
>
> Dependabot has been enabled for the Ozone repository, but its builds are
> failing since it is only updating the lock file. This jira is to update
> .github/dependabot.yml so that the PRs are filed correctly. Example:
> https://github.com/apache/ozone/pull/5143