User Story - Business Need
We wish to keep dependencies up to date so that we do not need such massive overhauls of our system. This is a recurring task to update all dependencies we are able to update. Any conflicts shall get a dedicated ticket. This task should be a day of work at most because it only applies non-breaking updates.
[ ] Ticket is understood and QA has been contacted
User Story
As VA Notify,
I want to keep our service up to date
So that we are secure and as free of bugs as possible.
[ ] Passes QA Suite regression testing against Dev
[ ] If there are any failures, compare the poetry.lock in main against your local poetry.lock.
[ ] Identify the discrepancies and lock those versions in pyproject.toml, create a ticket, and label it "tech debt"
[ ] Any non-top-level dependencies that have to be locked should have a comment added to pyproject.toml and have a checkbox to remove that dependency from pyproject.toml in the acceptance criteria
[ ] Created ticket has the package name in the title
Acceptance Criteria
Repo dependencies are updated and we have no broken functionality. Issues opened by Dependabot are resolved. Tickets with the "tech debt" label are created for any updates we could not, or should not, do.
[ ] This work is added to the sprint review slide deck (key win bullet point and demo slide)
QA Considerations
[ ] Affected Dependabot PRs are closed after merge (may need to rebase them using the Dependabot command)
[ ] Check to see if these updates cancel out any Twistlock issues
[ ] QA Regression tests pass after deploying this code.
Additional Info and Resources
poetry.lock, revert major changes, then minor, then patch/security: never edit this file manually!