Closed dependabot[bot] closed 4 months ago
Hi @bendichter, what is our strategy with these dependabot version bumps? Should the DANDI team merge, close, manually test, or ask the contributor to test? These version updates seem to happen fairly regularly. Thanks.
I accepted some of these bumps in the past, but actually I don't think that was the best move, because it is changing the environment in a way that could mess up installation. I think it would be best to deactivate this dependabot feature on the repo so we can be more likely to have a consistent reproducible environment.
Thanks @bendichter. I agree.
Hi @yarikoptic @satra, are you okay if we disable the dependabot on this repository?
yes, let's disable: we have no assurance that any of those notebooks work at all, and with automated upgrades we just make it even worse. (we know that there is apparently new typos detected... will look into it now)
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version
or @dependabot ignore this minor version
.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
I have now disabled dependabot and closed all those PRs
Bumps urllib3 from 1.25.3 to 1.26.19.
Release notes
Sourced from urllib3's releases.
... (truncated)
Changelog
Sourced from urllib3's changelog.
... (truncated)
Commits
d9d85c8
Release 1.26.198528b63
[1.26] Fix downstream tests (#3409)40b6d16
Merge pull request from GHSA-34jh-p97f-mpxf29cfd02
Fix handling of OpenSSL 3.2.0 new error message "record layer failure" (#3405)b600643
[1.26] Bump RECENT_DATE (#3404)7e2d389
[1.26] Fix running CPython 2.7 tests in CI (#3137)9c2c230
Release 1.26.18 (#3159)b594c5c
Merge pull request from GHSA-g4mx-q9vg-27p4944f0eb
[1.26] Use vendored six in urllib3.contrib.securetransportc9016bf
Release 1.26.17Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show