Add dependabot checks for v3-0-test branch #54719
Conversation
boring-cyborg
bot
added
area:dev-tools
backport-to-v3-1-test
potiuk
requested review from
amoghrajesh,
aritra24,
ashb,
bbovenzi,
bugraoz93,
eladkal,
gopidesupavan,
kaxil and
pierrejeambrun
potiuk
changed the title
potiuk
force-pushed
the
add-dependabot-for-3-0-test-branch
branch
from
b63a0cb to
fbc2e87
Compare
kaxil
left a comment
kaxil
left a comment
There was a problem hiding this comment.
Worth adding a link to private discussion as PR description so we know the context when if/when we look back at this PR and wonder why we added this!
The discussion is private for now :). I'd hate to link a link that will be unreachable for most ... But I will add a link to the devlist announcement / follow-up after we agree in PMC/Security team about more proactive security process. |
I know but still worth adding. More for future us than anyone else. Private link is still better than empty description :) You can replace it with the public one when it is added to public devlist |
|
Sure: here it is - https://lists.apache.org/thread/hwzhbn3tsdz51b4yfcdv3zzy2wkwotdk |
(cherry picked from commit bd5f86a) Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
Backport successfully created: v3-0-test
|
(cherry picked from commit bd5f86a) Co-authored-by: Jarek Potiuk <jarek@potiuk.com>
|
Nice :) thanks for adding. |
|
One main advantage with dependaboat i see always is it checks selected package against any security vulnerabilities in security advisory :) |
Yep. |
3 participants
https://lists.apache.org/thread/d5lx8s5972r69o34zsg9rmjb2mcoyqdc
^ Add meaningful description above
Read the Pull Request Guidelines for more information.
In case of fundamental code changes, an Airflow Improvement Proposal (AIP) is needed.
In case of a new dependency, check compliance with the ASF 3rd Party License Policy.
In case of backwards incompatible changes please leave a note in a newsfragment file, named
{pr_number}.significant.rstor{issue_number}.significant.rst, in airflow-core/newsfragments.