MongoDB Database Tools / TOOLS-3573

Figure out what to do with Dependabot

    • Type: Investigation
    • Resolution: Done
    • Priority: Major - P3
    • Affects Version/s: None
    • Component/s: None
    • Tools and Replicator

      With the changes we've made for MongoDB's SSDLC initiative, the PRs that Dependabot produces simply cannot be merged as-is. We need to regenerate the SBOM Lite file whenever we add a new dependency.

      Some possibilities include:

      • Write a GH Action to regen the SBOM Lite for all PRs produced by Dependabot, so they are mergeable as-is.
      • Document how to fix these by hand.
      • Turn off Dependabot in favor of something else, like an "update all deps" ticket of the kind we do with Mongosync.

      The output from this ticket should be a new ticket to do the thing that you've determined is the best course of action.

            Assignee:
            dave.rolsky@mongodb.com Dave Rolsky
            Reporter:
            dave.rolsky@mongodb.com Dave Rolsky
            Votes:
            0
            Watchers:
            1

              Created:
              Updated:
              Resolved: