Dependabot/renovate bot: some dependencies are not getting bumped #923

Open
flavio opened this issue Nov 4, 2024 · 3 comments

flavio commented Nov 4, 2024

This issue is not specific to this repository. We've seen on certain repositories that dependabot and renovate bot are not proposing updates for certain dependencies (both libraries and GH actions).

We don't understand what might be the cause of this behaviour.

flavio commented Nov 25, 2024

Currently, the kwctl project is using lazy_static version 1.4, but 1.5.0 is already out. We never got a dependency bump request either from dependabot or from renovatebot about that dependency.

@flavio flavio modified the milestones: 1.19, 1.20 Nov 25, 2024

flavio commented Nov 26, 2024

Update: the bots are not updating the Cargo.toml, but they are updating the Cargo.lock files. For example, policy-fetcher is requiring docker_credential = "1.2", but currently there's version 1.3.X out. However, inside of kwctl's Cargo.lock file, the latest version of docker_credential is being consumed.

Also, it looks like renovate is misconfigured inside of the policy-fetcher repository.

Action items:

  • check renovate bot configurations
  • switch to renovate bot only
  • have patch dependencies PRs grouped together, with auto-merge
  • have Cargo.lock updates be automatically merged
  • review major and minor manually

Some useful information about how Rancher uses renovate
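
The gap described in the comment above, where Cargo.lock resolves a newer release than Cargo.toml names, can be checked mechanically. The following is an added example, not part of the original thread or of the Kubewarden code base; the function names are hypothetical, the sample files are constructed, and it assumes simple requirements such as "1.2" (no ranges, no renamed packages).

```python
try:
    import tomllib  # standard library since Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # assumption: backport installed on older Pythons

# Constructed sample inputs, not the real kwctl or policy-fetcher files.
SAMPLE_MANIFEST = """
[dependencies]
docker_credential = "1.2"
lazy_static = "1.4"
serde = { version = "1.0.215", features = ["derive"] }
local_helper = { path = "../local_helper" }
"""
SAMPLE_LOCK = """
[[package]]
name = "docker_credential"
version = "1.3.1"
[[package]]
name = "lazy_static"
version = "1.5.0"
[[package]]
name = "serde"
version = "1.0.215"
"""

def declared_versions(manifest_text):
    """Map dependency name -> version requirement declared in Cargo.toml."""
    deps = tomllib.loads(manifest_text).get("dependencies", {})
    declared = {}
    for name, spec in deps.items():
        req = spec if isinstance(spec, str) else spec.get("version")
        if req:  # path/git dependencies without a version are skipped
            declared[name] = req
    return declared

def manifest_lock_drift(manifest_text, lock_text):
    """Return {name: (declared, locked)} where Cargo.lock is outside the declared prefix."""
    locked = {}
    for pkg in tomllib.loads(lock_text).get("package", []):
        locked.setdefault(pkg["name"], []).append(pkg["version"])
    drift = {}
    for name, req in declared_versions(manifest_text).items():
        base = req.lstrip("^~= ")  # "1.2" matches 1.2 and 1.2.z only
        for version in locked.get(name, []):
            if version != base and not version.startswith(base + "."):
                drift[name] = (req, version)
    return drift

if __name__ == "__main__":
    print(manifest_lock_drift(SAMPLE_MANIFEST, SAMPLE_LOCK))
```

Run against a repository's real Cargo.toml and Cargo.lock text, a non-empty result lists the crates whose manifest requirement lags what is actually being built.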

@jvanz jvanz self-assigned this Nov 29, 2024
@jvanz jvanz moved this from Todo to In Progress in Kubewarden Nov 29, 2024
@jvanz jvanz moved this from In Progress to Todo in Kubewarden Dec 2, 2024

jvanz commented Dec 2, 2024

Moving to TODO because we have other priorities for v1.20 release.

@jvanz jvanz removed their assignment Dec 2, 2024
@jvanz jvanz modified the milestones: 1.20, 1.21 Dec 31, 2024
@jvanz jvanz self-assigned this Dec 31, 2024
@jvanz jvanz moved this from Todo to In Progress in Kubewarden Dec 31, 2024