Page Comparison

Adam Stankiewicz

Managing dependency upgrades:

• Renovate vs. Dependabot

  • Why do we have both running?

    • Quite possible we should only be using Renovate.

    • If so, should we turn off Dependabot?

    • Brian Smith Wants to dig thru docs/ADRs, etc. to find where this decision is documented.

      • https://docs.openedx.org/projects/openedx-proposals/en/latest/best-practices/oep-0067/decisions/frontend/0009-renovate.html

• Dependabot security vulnerabilities list no longer appears to be available in the Paragon repository.

  • This changed likely due to recent Core Contributor changes, where Adam Stankiewicz's permissions repo settings likely changed.

  • Adam Stankiewicz to follow-up with Brian Smith wrt (at least) Paragon permissions.

• Related issue:

  • https://github.com/openedx/paragon/issues/3365