-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[2023-04-25] Bump dependencies identified by dependabot #15776
Conversation
Signed-off-by: Wei Fu <[email protected]>
Based on Indirect dependencies, usually we don't bump a dependency if all modules just indirectly depend on it, such as Note that uber-go/zap/blob/v1.24.0 depends on |
Hi @ahrtr For I have a question about indirect deps in The
And for the If my understand is correct, this pull-request only needs to bump one dep |
Correct.
I suggest to remove the dependency on
We should push |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@fuweid could you please close all the PRs opened by dependabot? |
@ahrtr thanks for the help 😂 I will close it by myself next time. |
Just closed the PRs myself. |
followups:
|
handling the |
I did not see any direct dependencies needs to be bumped up this week, so I closed all of PRs opened by dependabot. Could you please take a look if I did the right thing? @ahrtr, thanks! |
Thanks @chaochn47. It's correct to close the PRs bumping indirect dependencies. I see that the PR #15806 isn't closed. It isn't an indirect dependency, but I vaguely remember that it's also causing incompatibility issue, and it couldn't pass the workflow checks. I am not sure whether you have already double checked it. Are you raising separate PR for it? |
Good catch, somehow I missed that PR #15806, will raise a separate PR for it |
Please read https://github.com/etcd-io/etcd/blob/main/CONTRIBUTING.md#contribution-flow.