Open anders314159 opened 3 weeks ago
@JosefAssad
I think we can do that, but mostly because it's easy to do. It feels a bit odd with regard to responsibility of this job type. If we're going to do this, what's next? Do we want to find vulnerabilities in third-party libs? I guess not, but where's the limit?
I agree - I'll bring the issue up at the huddle, and hear if it is actually a problem or just busy-work.
ML Lab said it would be very nice to have. We'll limit it to just the python version for now, not checking requirements.txt or anything else for outdated packages.
Is there anything warning users if they are using old versions of Python in their job-types? Old defined as end-of-life by https://devguide.python.org/versions/
Do we want to implement that? I'm aware of Dependabot, but that is a GitHub thing and not everyone is using GitHub to store the job-code.