Ignore google-cloud-storage and google-api-client major version upgrade for dependabot #16072
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
cwperks
changed the title
dblock
approved these changes
Sep 26, 2024
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Sep 26, 2024
…de for dependabot (#16072) * Ignore google-cloud-storage major version upgrade for dependabot Signed-off-by: Craig Perkins <[email protected]> * Include google-api-client Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]> (cherry picked from commit 949b31f) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
|
@cwperks - Are these major version upgrades breaking in nature? If non-breaking, then instead of disabling the upgrades, we can just create up issues and someone can upgrade these dependencies. If breaking, then we should identify & upgrade these dependencies only for In either scenario, disabling upgrades just to reduce noise doesn't seems like the ideal way to go ahead here. Also, I guess there is a command to tell dependabot to not upgrade certain package upgrades in PRs itself. Disabling them in code imply that we don't want to upgrade them at all - unless it gets identified by security vulnerabilities /CVEs. Thoughts @dblock? |
dblock
pushed a commit
that referenced
this pull request
Sep 27, 2024
…de for dependabot (#16072) (#16094) * Ignore google-cloud-storage major version upgrade for dependabot * Include google-api-client --------- (cherry picked from commit 949b31f) Signed-off-by: Craig Perkins <[email protected]> Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
|
I am +1 on creating an issue on doing a major upgrade for these (and removing the change @cwperks added to prevent dependabot from doing the upgrade). |
|
Just got back from vacation. I will create an issue for tracking this and mention that these lines will need to be removed on upgrade. |
This was referenced Oct 1, 2024
Closed
Closed
Closed
ruai0511
pushed a commit
to ruai0511/OpenSearch
that referenced
this pull request
Oct 4, 2024
…de for dependabot (opensearch-project#16072) * Ignore google-cloud-storage major version upgrade for dependabot Signed-off-by: Craig Perkins <[email protected]> * Include google-api-client Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
dk2k
pushed a commit
to dk2k/OpenSearch
that referenced
this pull request
Oct 16, 2024
…de for dependabot (opensearch-project#16072) * Ignore google-cloud-storage major version upgrade for dependabot Signed-off-by: Craig Perkins <[email protected]> * Include google-api-client Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
dk2k
pushed a commit
to dk2k/OpenSearch
that referenced
this pull request
Oct 17, 2024
…de for dependabot (opensearch-project#16072) * Ignore google-cloud-storage major version upgrade for dependabot Signed-off-by: Craig Perkins <[email protected]> * Include google-api-client Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
dk2k
pushed a commit
to dk2k/OpenSearch
that referenced
this pull request
Oct 21, 2024
…de for dependabot (opensearch-project#16072) * Ignore google-cloud-storage major version upgrade for dependabot Signed-off-by: Craig Perkins <[email protected]> * Include google-api-client Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Creating this PR to reduce some noise from dependabot. Dependabot has been making PRs that upgrade google-cloud-storage from 1.x to 2.x which cannot be merged since additional code changes need to be made to adopt 2.x.
This PR mutes dependabot to prevent it from making any more PRs on a major version upgrade for this dependency in any of the modules under the
/pluginsfolder.Example PRs which will require additional changes:
You can find the syntax for dependabot.yml here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.