Skip to content

ci: update dependabot.yml to include Go and Python dependencies and fix some cve #572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 18, 2025
Merged

ci: update dependabot.yml to include Go and Python dependencies and fix some cve #572

merged 1 commit into from
Mar 18, 2025

Conversation

zhuwenxing
Copy link
Collaborator

  • Add Go (gomod) dependency update configuration
  • Add Python (pip) dependency update configuration
  • Configure dependabot to only create PRs for security vulnerabilities
  • Set weekly update schedule for all dependency ecosystems
  • Set open-pull-requests-limit to 10 for each ecosystem

@zhuwenxing
ci: update dependabot.yml to include Go and Python dependencies and f…
982a69a 
…ix some cve

- Add Go (gomod) dependency update configuration
- Add Python (pip) dependency update configuration
- Configure dependabot to only create PRs for security vulnerabilities
- Set weekly update schedule for all dependency ecosystems
- Set open-pull-requests-limit to 10 for each ecosystem

Signed-off-by: zhuwenxing <[email protected]>
@sre-ci-robot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: zhuwenxing

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@mergify mergify bot added the dco-passed label Mar 18, 2025
@mergify Mergify
Copy link

mergify bot commented Mar 18, 2025

@zhuwenxing Please associate the related issue to the body of your Pull Request. (eg. “issue: #”)

@zhuwenxing
Copy link
Collaborator Author

/kind improvement

@sre-ci-robot sre-ci-robot added the kind/improvement Changes related to something improve, likes ut and code refactor label Mar 18, 2025
@huanghaoyuanhhy
Copy link
Collaborator

/lgtm

@sre-ci-robot sre-ci-robot merged commit 539a077 into zilliztech:main Mar 18, 2025
19 checks passed
gifi-siby pushed a commit to gifi-siby/milvus-backup that referenced this pull request Apr 21, 2025
@zhuwenxing @gifi-siby
ci: update dependabot.yml to include Go and Python dependencies and f…
ef519c8 
…ix some cve (zilliztech#572)

- Add Go (gomod) dependency update configuration
- Add Python (pip) dependency update configuration
- Configure dependabot to only create PRs for security vulnerabilities
- Set weekly update schedule for all dependency ecosystems
- Set open-pull-requests-limit to 10 for each ecosystem

Signed-off-by: zhuwenxing <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@huanghaoyuanhhy huanghaoyuanhhy Awaiting requested review from huanghaoyuanhhy

@Thomas-HuWei Thomas-HuWei Awaiting requested review from Thomas-HuWei

Assignees

@huanghaoyuanhhy huanghaoyuanhhy

Labels
approved ci-passed dco-passed kind/improvement Changes related to something improve, likes ut and code refactor lgtm size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zhuwenxing @sre-ci-robot @huanghaoyuanhhy