Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependabot does not scan for versions in versions.properties #3782

Open
saratvemulapalli opened this issue Jul 5, 2022 · 1 comment
Open

Dependabot does not scan for versions in versions.properties #3782

saratvemulapalli opened this issue Jul 5, 2022 · 1 comment
Labels
CI CI related cicd enhancement Enhancement or improvement to existing feature or request feature New feature or request

Comments

@saratvemulapalli
Copy link
Member

saratvemulapalli commented Jul 5, 2022
edited
Loading

Is your feature request related to a problem? Please describe.
Coming from: #3772 (comment)
Dependabot does a great job of automatically upgrading dependent libraries while checking CVE databases.

For OpenSearch we use versions.properties[1] as a version catalog for all gradle projects within the repository.
Dependabot workflow does not support scanning through this catalog file of versions.

Describe the solution you'd like
Dependabot support for dependencies listed in versions.properties.

[1] https://github.com/opensearch-project/OpenSearch/blob/main/buildSrc/version.properties
@saratvemulapalli saratvemulapalli added enhancement Enhancement or improvement to existing feature or request untriaged labels Jul 5, 2022
@saratvemulapalli saratvemulapalli mentioned this issue Jul 5, 2022
Merged
1 task
@reta reta mentioned this issue Jul 8, 2022
Merged
5 tasks
@mch2 mch2 added CI CI related feature New feature or request cicd and removed untriaged labels Jul 11, 2022
@reta reta mentioned this issue Aug 26, 2022
Merged
6 tasks
@reta
Copy link
Collaborator

reta commented Aug 31, 2022

Related discussions:

@bbarani bbarani mentioned this issue Oct 4, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CI CI related cicd enhancement Enhancement or improvement to existing feature or request feature New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@reta @mch2 @saratvemulapalli