Actions
Task #5196
closedPin dependencies to y releases and use dependabot to update them
Start date:
Due date:
% Done:
100%
Estimated time:
Platform Release:
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:
Description
Recently, Pulp 3 package installs were broken by a new version of DRF which necessitated a new release of pulpcore (RC4)[0]. Our releases are fragile and unstable because they don't pin versions of dependencies.
Instead, pin pulpcore's dependencies to specific y release versions and use dependabot[1] to notify us of new updates for pulpcore dependencies.
This was the outcome of a discussion on pulp-dev[2].
.. [0] https://www.redhat.com/archives/pulp-dev/2019-July/msg00076.html
.. [1] https://dependabot.com/
.. [2] https://www.redhat.com/archives/pulp-dev/2019-July/msg00088.html
Updated by daviddavis over 5 years ago
Added by daviddavis over 5 years ago
Updated by daviddavis over 5 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|433775d92b58dba939157c980489fb85df390a5e.
Updated by bmbouter about 5 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions
Pinning dependencies and using dependabot to manage updates
fixes #5196 https://pulp.plan.io/issues/5196