Add Dependabot or Renovate #2225

kannon92 · 2024-08-16T13:54:35Z

There should be a dependabot or renovate to help keep dependencies up to date.

This helps keep dependencies update and does not require manually upkeep to update them.

Give it a 👍 We prioritize the features with most 👍

tenzen-y · 2024-08-16T14:01:29Z

This is a good point. TBH, I want to introduce the dependabot, but our CI testing is too flaky in building images and unit/integration/e2e testing.

So, I would like to postpone the dependabot until the v1 API is removed.

andreyvelich · 2024-08-16T14:05:24Z

I think, we already have it, isn't ?
Here is the PR example: #2056

tenzen-y · 2024-08-16T14:08:37Z

I think, we already have it, isn't ? Here is the PR example: #2056

That is created by the critical security issue. Kevin indicates to add a depandabot script so that we can always use the latest library version.

andreyvelich · 2024-08-16T14:10:45Z

Oh, I see, thanks for the clarification!
/remove-label lifecycle/needs-triage
/area engprod

kannon92 added kind/feature lifecycle/needs-triage labels Aug 16, 2024

kannon92 changed the title ~~Bot to aide in updating dependencies~~ Add Dependabot or Renovate Aug 16, 2024

google-oss-prow bot added area/engprod and removed lifecycle/needs-triage labels Aug 16, 2024

Provide feedback