
Revert "dependabot(change): Exclude hyper from production dependabot upgrades" #8016

Merged (1 commit, Nov 29, 2023)

Conversation

teor2345
Contributor

@teor2345 teor2345 commented Nov 28, 2023

Reverts #8010

Motivation

We want to stop hyper dependabot PRs until we manually upgrade it.

groups.exclude-patterns from PR #8010 doesn't seem to do what we want:

exclude-patterns | Use to exclude certain dependencies from the group. If a dependency is excluded from a group, Dependabot will continue to raise single pull requests to update the dependency to its latest version.

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups

For example, see #8015.

ignore would be closer, but it requires another PR to undo, so let's avoid that:

By default all dependencies that are explicitly defined in a manifest are kept up to date by Dependabot version updates. In addition, Dependabot security updates also update vulnerable dependencies that are defined in lock files. You can use allow and ignore to customize which dependencies to maintain.

https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore

Instead, we can just manually tell dependabot to ignore hyper 1.x.x:

@dependabot ignore major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)

And it will automatically do upgrades after our first manual hyper upgrade.
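An added example, not Zebra's own dependabot.yml, showing the two settings discussed above side by side; it assumes a single cargo ecosystem block and a group name of prod-deps. The exclude-patterns entry is the PR #8010 approach that only removes hyper from the grouped PR, while the ignore entry is the config-file counterpart of the `@dependabot ignore major version` command and needs a follow-up PR to undo.

```yaml
# Added example, not the Zebra repository's dependabot.yml.
# Assumes one cargo ecosystem block and a group named "prod-deps".
version: 2
updates:
  - package-ecosystem: "cargo"
    directory: "/"
    schedule:
      interval: "weekly"
    groups:
      prod-deps:
        dependency-type: "production"
        # PR #8010's approach: this only takes hyper OUT of the grouped PR.
        # Dependabot still raises a single pull request for hyper on its own
        # (what happened in #8015), so it does not pause the hyper upgrade.
        exclude-patterns:
          - "hyper"
    # Config-file counterpart of "@dependabot ignore major version":
    # no PRs for hyper major-version bumps until this entry is removed,
    # which takes another PR to undo. The comment command instead stops
    # applying once hyper is upgraded manually, which is why the PR above
    # chose the comment over this block.
    ignore:
      - dependency-name: "hyper"
        update-types: ["version-update:semver-major"]
```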

@teor2345 teor2345 added the labels C-bug (Category: This is a bug), A-devops (Area: Pipelines, CI/CD and Dockerfiles), P-Medium ⚡ and C-trivial (Category: A trivial change that is not worth mentioning in the CHANGELOG) on Nov 28, 2023
@teor2345 teor2345 self-assigned this Nov 28, 2023
@teor2345 teor2345 requested a review from a team as a code owner November 28, 2023 01:51
@teor2345 teor2345 requested review from upbqdn and removed request for a team November 28, 2023 01:51
@teor2345
Contributor Author

Instead, we can just manually tell dependabot to ignore hyper 1.x.x:

@dependabot ignore major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)

And it will automatically do upgrades after our first manual hyper upgrade.

I've already done that here:
#8015 (comment)

So apart from reverting the changes there's nothing else to do.

@teor2345
Contributor Author

This has done what we want in PR #8017

And there is no separate hyper PR.

mergify bot added a commit that referenced this pull request Nov 29, 2023
@mergify mergify bot merged commit 961b720 into main Nov 29, 2023
91 checks passed
@mergify mergify bot deleted the revert-8010-skip-hyper-dep-updates branch November 29, 2023 01:26
Labels
A-devops (Area: Pipelines, CI/CD and Dockerfiles), C-bug (Category: This is a bug), C-trivial (Category: A trivial change that is not worth mentioning in the CHANGELOG)