feat(manager/pip-compile): Allow security updates for transitive dependencies #27561

Merged
merged 9 commits into from Mar 30, 2024

not7cd
Contributor

@not7cd not7cd commented Feb 26, 2024

Changes

Indirect dependencies that exist only in lock files are now added to the package file's dependency list. They are disabled by default, but this can be overwritten by the configuration, like vulnerability alerts.

Context

closes #26871
closes #26947

Documentation (please check one with an [x])

  • I have updated the documentation, or
  • No documentation update is required

How I've tested my work (please select one)

I have verified these changes via:

  • Code inspection only, or
  • Newly added/modified unit tests, or
  • No unit tests but ran on a real repository, or
  • Both unit tests + ran on a real repository
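
Added example, not part of the pull request and not Renovate's code: a sketch of the behaviour described in the PR description above, where packages pinned only in the pip-compile output are listed as indirect dependencies and stay disabled unless something such as a vulnerability alert enables them. The `Dep` shape, the function names and the sample files are assumptions made for illustration.

```typescript
// Added example with hypothetical names; not Renovate's implementation.
interface Dep {
  depName: string;
  currentValue?: string; // constraint from the .in file, if declared there
  lockedVersion: string; // pin from the compiled .txt file
  depType: 'direct' | 'indirect';
  enabled: boolean;
}

// PEP 503 normalisation so "Flask_Login" and "flask-login" compare equal.
function normalize(name: string): string {
  return name.toLowerCase().replace(/[-_.]+/g, '-');
}

// Read "name==version" pins; comment, "# via" and option lines do not match.
function parseLock(lock: string): Map<string, string> {
  const pins = new Map<string, string>();
  for (const raw of lock.split('\n')) {
    const m = /^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?==([^\s;\\]+)/.exec(raw.trim());
    if (m) pins.set(normalize(m[1]), m[2]);
  }
  return pins;
}

// Read declared requirements and their version specifiers from the .in file.
function parseInput(input: string): Map<string, string> {
  const deps = new Map<string, string>();
  for (const raw of input.split('\n')) {
    const m = /^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*([^;]*)/.exec(raw.split('#')[0].trim());
    if (m) deps.set(normalize(m[1]), m[2].trim());
  }
  return deps;
}

// Every locked package becomes a dep; lock-only ones are indirect and disabled
// unless named in `vulnerable` (standing in for a vulnerability alert).
function collectDeps(input: string, lock: string, vulnerable: Set<string> = new Set<string>()): Dep[] {
  const declared = parseInput(input);
  const deps: Dep[] = [];
  parseLock(lock).forEach((lockedVersion, depName) => {
    const direct = declared.has(depName);
    deps.push({ depName, currentValue: declared.get(depName), lockedVersion,
      depType: direct ? 'direct' : 'indirect', enabled: direct || vulnerable.has(depName) });
  });
  return deps;
}

// Constructed sample files (requirements.in and its pip-compile output).
const SAMPLE_IN = 'flask>=2.0\n';
const SAMPLE_LOCK = 'flask==2.0.1\n    # via -r requirements.in\njinja2==3.0.1\n    # via flask\nwerkzeug==2.0.1\n    # via flask\n';
```
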

@not7cd not7cd marked this pull request as ready for review February 26, 2024 15:30
@not7cd not7cd requested a review from viceice March 28, 2024 11:17
Member

@viceice viceice left a comment

see comment

@not7cd not7cd requested a review from viceice March 29, 2024 21:24
@not7cd
Contributor Author

not7cd commented Mar 29, 2024

I would like to add that this change has been checked against over 100 repositories over the past month. And I don't see any unwanted updates.

Member

@viceice viceice left a comment

review is no longer applied by adding comment on existing discussion 😕

@not7cd not7cd requested a review from viceice March 29, 2024 21:51
@viceice viceice added this pull request to the merge queue Mar 30, 2024
Merged via the queue into renovatebot:main with commit 0df4ff5 Mar 30, 2024
37 checks passed
@renovate-release
Collaborator

🎉 This PR is included in version 37.278.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

secustor pushed a commit to secustor/renovate that referenced this pull request Mar 31, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 30, 2024