Dependabot does not scan for versions in versions.properties #3782

saratvemulapalli · 2022-07-05T21:56:32Z

Is your feature request related to a problem? Please describe.
Coming from: #3772 (comment)
Dependabot does a great job of automatically upgrading dependent libraries while checking CVE databases.

For OpenSearch we use versions.properties[1] as a version catalog for all gradle projects within the repository.
Dependabot workflow does not support scanning through this catalog file of versions.

Describe the solution you'd like
Dependabot support for dependencies listed in versions.properties.

[1] https://github.com/opensearch-project/OpenSearch/blob/main/buildSrc/version.properties

The text was updated successfully, but these errors were encountered:

reta · 2022-08-31T15:42:17Z

Related discussions:

Getting Gradle versions from gradle.properties dependabot/dependabot-core#1618
Fully Featured Gradle Support with the Gradle Tooling API dependabot/dependabot-core#1164

saratvemulapalli added enhancement Enhancement or improvement to existing feature or request untriaged labels Jul 5, 2022

saratvemulapalli mentioned this issue Jul 5, 2022

Upgrade netty from 4.1.73.Final to 4.1.78.Final #3772

Merged

1 task

reta mentioned this issue Jul 8, 2022

Update outdated dependencies #3821

Merged

5 tasks

mch2 added CI CI related feature New feature or request cicd and removed untriaged labels Jul 11, 2022

reta mentioned this issue Aug 26, 2022

Some dependency updates #4308

Merged

6 tasks

bbarani mentioned this issue Oct 4, 2022

Automated mechanism to update library versions across all repos under OpenSearch project opensearch-project/opensearch-build#2689

Open

cwperks mentioned this issue Oct 10, 2024

Switch from buildSrc/version.properties to gradle/libs.versions.toml to enable dependabot to perform automated upgrade cwperks/OpenSearch#203

Merged

3 tasks

cwperks closed this as completed in cwperks/OpenSearch#203 Oct 10, 2024

reta reopened this Oct 10, 2024

github-actions bot added the untriaged label Oct 10, 2024

cwperks mentioned this issue Oct 11, 2024

Demonstrate switch from buildSrc/version.properties to gradle/libs.versions.toml to enable dependabot to perform automated upgrade cwperks/OpenSearch#206

Merged

3 tasks

cwperks closed this as completed in cwperks/OpenSearch#206 Oct 11, 2024

cwperks mentioned this issue Oct 11, 2024

Switch from buildSrc/version.properties to Gradle version catalog (gradle/libs.versions.toml) to enable dependabot to perform automated upgrades on common libs #16284

Merged

3 tasks

cwperks reopened this Oct 12, 2024

cwperks removed the untriaged label Oct 12, 2024

reta closed this as completed in #16284 Oct 28, 2024

reta added v3.0.0 Issues and PRs related to version 3.0.0 v2.19.0 Issues and PRs related to version 2.19.0 labels Oct 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dependabot does not scan for versions in versions.properties #3782

Dependabot does not scan for versions in versions.properties #3782

saratvemulapalli commented Jul 5, 2022 •

edited

Loading

reta commented Aug 31, 2022

Dependabot does not scan for versions in versions.properties #3782

Dependabot does not scan for versions in versions.properties #3782

Comments

saratvemulapalli commented Jul 5, 2022 • edited Loading

reta commented Aug 31, 2022

saratvemulapalli commented Jul 5, 2022 •

edited

Loading