Closed dependabot[bot] closed 5 months ago
i seriously do not trust any of our current dependency workflow. would you guys be up for discussing solutions? (probably getting rid of dependabot and such and doing manual updates / we create a manual run workflow that updates all sources at once and PRs)
if you want my 2 cents i'm probably never going to trust our dependency flow for as long as we're using pipenv 🙂
Yeah definitely aligned on improving the workflow -- though I would like to keep support for dependabot PRs. Could we make our system support them? I suspect in general if dependabot is not supported, then other similar tools will also have similar difficulties - would be great if everything could be streamlined and flexible to work well with other tooling.
I'm pretty agnostic to tooling - pipenv, poetry, pip-tools, etc. are all fine with me so long as they work well
hmm, will look into that then. doing it the other way would give me some peace of mind (having dependabot update pipfile and generate new requirements.txt on changes)
Looks like cryptography is up-to-date now, so this is no longer needed.
Bumps cryptography from 41.0.4 to 42.0.0.
Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
- `4e64baf` 42.0.0 version bump (#10232)
- `7cb13a3` we'll ship 3.2.0 for 42 (#9951)
- `605c74e` Bump x509-limbo and/or wycheproof in CI (#10231)
- `97578b9` Bump BoringSSL and/or OpenSSL in CI (#10230)
- `972a7b5` verification: add test_verify_tz_aware (#10229)
- `41daf2d` Migrate PKCS7 backend to Rust (#10228)
- `d54093e` Remove some skips in tests that aren't needed anymore (#10223)
- `71929bd` Remove binding that's not used anymore (#10224)
- `7ea4b89` fixed formatting in changelog (#10225)
- `410f4a1` Allow brainpool on libressl (#10222)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show