Bump boto3 from 1.12.27 to 1.12.28 #26
Conversation
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=60&v=4){kind=small}
Bumps [boto3](https://github.com/boto/boto3) from 1.12.27 to 1.12.28. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](boto/boto3@1.12.27...1.12.28) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
dependabot-preview
bot
requested review from
negillett and
rohanpm
as code owners
dependabot-preview
bot
added
the
dependencies
|
@rohanpm anyway to configure the bot to only bump for y-streams? |
I'll look into it... I'm also a bit surprised how many of these we're getting. Dependabot settings in the repo are meant to apply security fixes only by default, but I suspect it might not be working correctly or maybe every release of this library is being marked as "contains security fixes". |
|
I have a feeling that the dependabot config file I checked into the repo was not respected. Others have hit the same issue before, e.g. dependabot/feedback#857. I checked repo settings in the dependabot app and it didn't have "security updates only" as it should according to the config file. I manually adjusted the settings to match the config file. We could merge the outstanding requests and then see if the behavior changes to expected from now (= only security updates). @nathanegillett what do you think? |
|
Looks like boto3 is up-to-date now, so this is no longer needed. |
Bumps boto3 from 1.12.27 to 1.12.28.
Changelog
Sourced from boto3's changelog.
Commits
a8032a2Merge branch 'release-1.12.28'7b5fb70Bumping version to 1.12.281690afbAdd changelog entries from botocorebb1b791Merge branch 'release-1.12.27' into developDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language@dependabot badge mewill comment on this PR with code to add a "Dependabot enabled" badge to your readmeAdditionally, you can set the following in your Dependabot dashboard: