chore: enable Dependabot automatic version upgrade PRs #1348

Closed
wants to merge 1 commit into from

Conversation

@ianbotsf (Contributor) commented Jul 5, 2024

Issue #

(none)

Description of changes

This change should enable Dependabot to send PRs to us when new versions of Smithy are launched. Only Smithy is allowlisted for now—we can see if it makes sense to enable for other dependencies in the future.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@ianbotsf ianbotsf added the no-changelog Indicates that a changelog entry isn't required for a pull request. Use sparingly. label Jul 5, 2024
@ianbotsf ianbotsf requested a review from a team as a code owner July 5, 2024 16:42

github-actions bot commented Jul 5, 2024

A new generated diff is ready to view.

  • No codegen difference in the AWS SDK


github-actions bot commented Jul 5, 2024

Affected Artifacts

No artifacts changed size


sonarqubecloud bot commented Jul 5, 2024

@ianbotsf (Contributor, Author) commented

As noted by @lauzadis this change would stop us from receiving automatic security version bump PRs.

From documentation of the allow parameter:

"Use the allow option to customize which dependencies are updated. This applies to both version and security updates."

This leaves us with no way to define separate rules for security updates and non-security version upgrades. Since automated security updates are more important, I'm closing this PR for now until such time as feature requests like dependabot/dependabot-core#6380 or dependabot/dependabot-core#1778 are addressed.

@ianbotsf ianbotsf closed this Jul 11, 2024
@ianbotsf ianbotsf deleted the chore-enable-auto-dependency-upgrades branch July 11, 2024 23:01