The GitHub Actions job "uv in /tools/gmail/oauth-draft for urllib3 - Update #1364312413" on airflow-steward.git/main has failed. Run started by GitHub user dependabot[bot] (triggered by dependabot[bot]).
Head commit for run:
e7b3b8fc02455f370e6d70936b394b20a123febb / Jarek Potiuk <[email protected]>
docs(agents): reply drafts to reporter must use conditional language for dependency claims (#141)

When a reporter claims the vulnerability lives in one of the project's dependencies, drafted replies must not adopt the claim as fact. The project has no authority to confirm a vulnerability in code it does not maintain — that judgement belongs to the dependency's own maintainers and CNAs.

Add a sibling rule under "Writing and editing documentation" that shows do / don't phrasings (forward to the dependency's maintainers, condition the assessment on their confirmation), and pair the rule with the existing "Reporter-supplied CVSS scores are informational only" rule (same shape: position from the reporter the team has not yet evaluated).

Carve out the case where the report actually describes a flaw in the project's own code that happens to involve a dependency — at that point the finding is ours and the brevity rule above takes over.

Report URL: https://github.com/apache/airflow-steward/actions/runs/25771491177

With regards,
GitHub Actions via GitBox

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
