feat: dependabot workflow automation for updating dependency #530

Merged: 4 commits, Jul 31, 2023

Rajpratik71
Contributor

Manual control of dependencies is fine, but with a growing number of distributed upstream dependencies, it is hard to manage. So there should be automation to update dependencies. Further, the CI pipeline is there to test those changes. The current build has many old dependencies, due to which many vulnerabilities were found. That is why workflow automation will help here.
Further, this will not update the dependencies automatically; instead, a PR will be opened with changes that can be reviewed and tested with CI.

Signed-off-by: Pratik Raj <rajpratik71@gmail.com>

@Rajpratik71 Rajpratik71 requested a review from a team as a code owner October 27, 2022 09:11
@Rajpratik71 Rajpratik71 requested review from aykutfarsak and ilkinulas and removed request for a team October 27, 2022 09:11
@Rajpratik71
Contributor Author

From discussion of rook/rook#11176

On analysis of the rook image, came to know that the "rook" image is reporting vulnerabilities; on further analysis it was found that this is due to the "s5cmd" binary.

@igungor igungor merged commit 987b4ae into peak:master Jul 31, 2023
13 checks passed
@igungor
Member

igungor commented Jul 31, 2023

Thank you @Rajpratik71

@Rajpratik71 Rajpratik71 deleted the Rajpratik71-patch-1 branch July 31, 2023 15:47