subject:"\[python\-committers\] Re\: dependabot gone bonkers\?"

[python-committers] Re: dependabot gone bonkers?

2020-12-03 Thread Mariatta

Here's the reply from dependabot team:

We're aware of this issue and planning a fix. The workaround for now is to
> delete the fork and re-create it without enabling Dependabot security
> updates. Dependabot version updates (setup from config file) isn't enabled
> by default on new forks but will be if security updates has ever been
> turned on and since disabled.


Source:
https://github.com/dependabot/dependabot-core/issues/2804#issuecomment-737781797

On Tue, Dec 1, 2020 at 9:59 AM Guido van Rossum  wrote:

> Yup, it's because upstream cpython has this file:
>
> https://github.com/gvanrossum/cpython/blob/master/.github/dependabot.yml
>
> I still think this is a bug (or missing feature) in dependabot. Please +1
> that issue!
>
> On Tue, Dec 1, 2020 at 7:52 AM Mariatta  wrote:
>
>> Maybe a recent change in dependabot. This open ticket seems related
>> https://github.com/dependabot/dependabot-core/issues/2804
>>
>> On Tue., Dec. 1, 2020, 7:36 a.m. Guido van Rossum, 
>> wrote:
>>
>>> I got this too on two forks of cpython. It smells like a dependabot
>>> mistake.
>>>
>>> On Tue, Dec 1, 2020 at 04:59 Terry Reedy  wrote:
>>>
 This morning I woke to find that dependabot had added two new branches
 to my cpython fork
 https://github.com/terryjreedy/cpython/branches
 and had created corresponding PRs
 https://github.com/terryjreedy/cpython/pull/3
 https://github.com/terryjreedy/cpython/pull/4

 Whether all forks or all committers or just me got these, it seems
 wrong.  I suspect that I should just close the extraneous PRs and
 delete
 the branches.

 Dependabot also created the same branches and PRs directly on
 python/cpython.
 https://github.com/python/cpython/branches
 https://github.com/python/cpython/pull/23582
 https://github.com/python/cpython/pull/23583
 Only these PRs got the proper labels.  Someone should merge these PRs
 and delete the branches.

 Also, it seems that dependabot should be reconfigured to not create
 duplicate branches and PRs.

 --
 Terry Jan Reedy
 ___
 python-committers mailing list -- python-committers@python.org
 To unsubscribe send an email to python-committers-le...@python.org
 https://mail.python.org/mailman3/lists/python-committers.python.org/
 Message archived at
 https://mail.python.org/archives/list/python-committers@python.org/message/3NREMKOZNH6Q5KMUFTPD66YAXUP6DIC4/
 Code of Conduct: https://www.python.org/psf/codeofconduct/

>>> --
>>> --Guido (mobile)
>>> ___
>>> python-committers mailing list -- python-committers@python.org
>>> To unsubscribe send an email to python-committers-le...@python.org
>>> https://mail.python.org/mailman3/lists/python-committers.python.org/
>>> Message archived at
>>> https://mail.python.org/archives/list/python-committers@python.org/message/F6YDV3LBHIHORFMEGVIIFCYKZS7M4GET/
>>> Code of Conduct: https://www.python.org/psf/codeofconduct/
>>>
>>
>
> --
> --Guido van Rossum (python.org/~guido)
> *Pronouns: he/him **(why is my pronoun here?)*
> 
>
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/VE6ODUMIAKGXDKD6CWHAKEIKCYGWRIEZ/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: dependabot gone bonkers?

2020-12-01 Thread Guido van Rossum

Yup, it's because upstream cpython has this file:

https://github.com/gvanrossum/cpython/blob/master/.github/dependabot.yml

I still think this is a bug (or missing feature) in dependabot. Please +1
that issue!

On Tue, Dec 1, 2020 at 7:52 AM Mariatta  wrote:

> Maybe a recent change in dependabot. This open ticket seems related
> https://github.com/dependabot/dependabot-core/issues/2804
>
> On Tue., Dec. 1, 2020, 7:36 a.m. Guido van Rossum, 
> wrote:
>
>> I got this too on two forks of cpython. It smells like a dependabot
>> mistake.
>>
>> On Tue, Dec 1, 2020 at 04:59 Terry Reedy  wrote:
>>
>>> This morning I woke to find that dependabot had added two new branches
>>> to my cpython fork
>>> https://github.com/terryjreedy/cpython/branches
>>> and had created corresponding PRs
>>> https://github.com/terryjreedy/cpython/pull/3
>>> https://github.com/terryjreedy/cpython/pull/4
>>>
>>> Whether all forks or all committers or just me got these, it seems
>>> wrong.  I suspect that I should just close the extraneous PRs and delete
>>> the branches.
>>>
>>> Dependabot also created the same branches and PRs directly on
>>> python/cpython.
>>> https://github.com/python/cpython/branches
>>> https://github.com/python/cpython/pull/23582
>>> https://github.com/python/cpython/pull/23583
>>> Only these PRs got the proper labels.  Someone should merge these PRs
>>> and delete the branches.
>>>
>>> Also, it seems that dependabot should be reconfigured to not create
>>> duplicate branches and PRs.
>>>
>>> --
>>> Terry Jan Reedy
>>> ___
>>> python-committers mailing list -- python-committers@python.org
>>> To unsubscribe send an email to python-committers-le...@python.org
>>> https://mail.python.org/mailman3/lists/python-committers.python.org/
>>> Message archived at
>>> https://mail.python.org/archives/list/python-committers@python.org/message/3NREMKOZNH6Q5KMUFTPD66YAXUP6DIC4/
>>> Code of Conduct: https://www.python.org/psf/codeofconduct/
>>>
>> --
>> --Guido (mobile)
>> ___
>> python-committers mailing list -- python-committers@python.org
>> To unsubscribe send an email to python-committers-le...@python.org
>> https://mail.python.org/mailman3/lists/python-committers.python.org/
>> Message archived at
>> https://mail.python.org/archives/list/python-committers@python.org/message/F6YDV3LBHIHORFMEGVIIFCYKZS7M4GET/
>> Code of Conduct: https://www.python.org/psf/codeofconduct/
>>
>

-- 
--Guido van Rossum (python.org/~guido)
*Pronouns: he/him **(why is my pronoun here?)*

___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/BDVBZIONX76PGR5PMV2BH72YRMKIADF6/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: dependabot gone bonkers?

2020-12-01 Thread Mariatta

Maybe a recent change in dependabot. This open ticket seems related
https://github.com/dependabot/dependabot-core/issues/2804

On Tue., Dec. 1, 2020, 7:36 a.m. Guido van Rossum,  wrote:

> I got this too on two forks of cpython. It smells like a dependabot
> mistake.
>
> On Tue, Dec 1, 2020 at 04:59 Terry Reedy  wrote:
>
>> This morning I woke to find that dependabot had added two new branches
>> to my cpython fork
>> https://github.com/terryjreedy/cpython/branches
>> and had created corresponding PRs
>> https://github.com/terryjreedy/cpython/pull/3
>> https://github.com/terryjreedy/cpython/pull/4
>>
>> Whether all forks or all committers or just me got these, it seems
>> wrong.  I suspect that I should just close the extraneous PRs and delete
>> the branches.
>>
>> Dependabot also created the same branches and PRs directly on
>> python/cpython.
>> https://github.com/python/cpython/branches
>> https://github.com/python/cpython/pull/23582
>> https://github.com/python/cpython/pull/23583
>> Only these PRs got the proper labels.  Someone should merge these PRs
>> and delete the branches.
>>
>> Also, it seems that dependabot should be reconfigured to not create
>> duplicate branches and PRs.
>>
>> --
>> Terry Jan Reedy
>> ___
>> python-committers mailing list -- python-committers@python.org
>> To unsubscribe send an email to python-committers-le...@python.org
>> https://mail.python.org/mailman3/lists/python-committers.python.org/
>> Message archived at
>> https://mail.python.org/archives/list/python-committers@python.org/message/3NREMKOZNH6Q5KMUFTPD66YAXUP6DIC4/
>> Code of Conduct: https://www.python.org/psf/codeofconduct/
>>
> --
> --Guido (mobile)
> ___
> python-committers mailing list -- python-committers@python.org
> To unsubscribe send an email to python-committers-le...@python.org
> https://mail.python.org/mailman3/lists/python-committers.python.org/
> Message archived at
> https://mail.python.org/archives/list/python-committers@python.org/message/F6YDV3LBHIHORFMEGVIIFCYKZS7M4GET/
> Code of Conduct: https://www.python.org/psf/codeofconduct/
>
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/KXPH7VN5WBSTOG4KKXB6IYD5O4KOA76V/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: dependabot gone bonkers?

2020-12-01 Thread Guido van Rossum

I got this too on two forks of cpython. It smells like a dependabot mistake.

On Tue, Dec 1, 2020 at 04:59 Terry Reedy  wrote:

> This morning I woke to find that dependabot had added two new branches
> to my cpython fork
> https://github.com/terryjreedy/cpython/branches
> and had created corresponding PRs
> https://github.com/terryjreedy/cpython/pull/3
> https://github.com/terryjreedy/cpython/pull/4
>
> Whether all forks or all committers or just me got these, it seems
> wrong.  I suspect that I should just close the extraneous PRs and delete
> the branches.
>
> Dependabot also created the same branches and PRs directly on
> python/cpython.
> https://github.com/python/cpython/branches
> https://github.com/python/cpython/pull/23582
> https://github.com/python/cpython/pull/23583
> Only these PRs got the proper labels.  Someone should merge these PRs
> and delete the branches.
>
> Also, it seems that dependabot should be reconfigured to not create
> duplicate branches and PRs.
>
> --
> Terry Jan Reedy
> ___
> python-committers mailing list -- python-committers@python.org
> To unsubscribe send an email to python-committers-le...@python.org
> https://mail.python.org/mailman3/lists/python-committers.python.org/
> Message archived at
> https://mail.python.org/archives/list/python-committers@python.org/message/3NREMKOZNH6Q5KMUFTPD66YAXUP6DIC4/
> Code of Conduct: https://www.python.org/psf/codeofconduct/
>
-- 
--Guido (mobile)
___
python-committers mailing list -- python-committers@python.org
To unsubscribe send an email to python-committers-le...@python.org
https://mail.python.org/mailman3/lists/python-committers.python.org/
Message archived at 
https://mail.python.org/archives/list/python-committers@python.org/message/F6YDV3LBHIHORFMEGVIIFCYKZS7M4GET/
Code of Conduct: https://www.python.org/psf/codeofconduct/

[python-committers] Re: dependabot gone bonkers?

[python-committers] Re: dependabot gone bonkers?

[python-committers] Re: dependabot gone bonkers?

[python-committers] Re: dependabot gone bonkers?

4 matches

Site Navigation

Mail list logo

Footer information