[BUILD-1150] Disable Renovate PRs for libraries that need to stay in sync with others Created: 04/Oct/23  Updated: 10/Oct/23  Resolved: 10/Oct/23

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Neutral
Reporter: Maxime Michel Assignee: Maxime Michel
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Team: Foundation

 Description   

We keep running into the discussion of whether we should perform some upgrades, such as: https://git.magnolia-cms.com/projects/BUILD/repos/boms/pull-requests/1293/overview

Let's instead go with the following policy:

  1. if a security vulnerability requires it, we will allow a library pair to become out of sync. For instance: H2 normally should be in sync with version in JR, which we'll do 99% of the time, but if the particular H2 version is vulnerable, then we will temporarily bump it
  2. otherwise, let's just plain disable Renovate PRs for those library. They are essentially noise.

Generated at Sun Feb 11 23:48:37 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.