Our manual dependency management is a security risk and a maintenance burden.
- Configure RenovateBot (compatible with Bazel WORKSPACE files) for this repository to automatically create PRs for dependency updates.
- Review all dependency URLs to ensure they use stable, versioned links that are compatible with Renovate's automated parsing.
- Address the OpenSSF Scorecard findings in #425
Notably, I do not think we should create a rotation for dependency management. It is better for two people to have strong ownership than to delegate to a rotation which does not have strong incentive to prioritize dependency management.
We will need some way to manage dependencies which do not use tags for versioning.
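One way to start the Renovate setup described in this issue, as an added example and not the project's own configuration: a minimal `renovate.json` that enables only Renovate's `bazel` manager (the one that parses `http_archive` and `git_repository` rules in WORKSPACE files), turns on the dependency dashboard so unresolved updates stay visible, and groups Bazel updates into a single PR. The file path at the repository root, the grouping choice, and the dashboard setting are assumptions for this example; the `enabledManagers`, `dependencyDashboard`, `packageRules`, `matchManagers` and `groupName` keys are standard Renovate configuration options.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  "enabledManagers": ["bazel"],
  "dependencyDashboard": true,
  "packageRules": [
    {
      "matchManagers": ["bazel"],
      "groupName": "bazel workspace dependencies"
    }
  ]
}
```

Renovate can only propose updates for dependencies it can resolve to a version, so this configuration does not by itself cover the untagged dependencies the issue mentions; those still need a separate convention (for example, tracking a commit digest) before automated PRs can be produced for them.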