anders314159
commented
3 weeks ago @JosefAssad
Open anders314159 opened 3 weeks ago
anders314159
commented
3 weeks ago @JosefAssad
iszulcdeepsense
commented
3 weeks ago I think we can do that, but mostly because it's easy to do. It feels a bit odd with regard to responsibility of this job type. If we're going to do this, what's next? Do we want to find vulnerabilities in third-party libs? I guess not, but where's the limit?
anders314159
commented
3 weeks ago I agree - I'll bring the issue up at the huddle, and hear if it is actually a problem or just busy-work.
anders314159
commented
3 weeks ago ML Lab said it would be very nice to have. We'll limit it to just the python version for now, not checking requirements.txt or anything else for outdated packages.
Is there anything warning users if they are using old versions of Python in their job-types? Old defined as end-of-life by https://devguide.python.org/versions/
Do we want to implement that? I'm aware of Dependabot, but that is a GitHub thing and not everyone is using GitHub to store the job-code.