[BUILD-511] Implement a dependency bot (for boms properties)
Created: 27/Aug/21 | Updated: 16/Feb/22 | Resolved: 03/Sep/21

| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Maxime Michel | Assignee: | Maxime Michel |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Acceptance criteria: | Empty |
| Epic Link: | Dependency bot |
| Description |
Considering the release automation webapp:
We could implement a dependency bot, considering Dependaroo's status hasn't changed in months. This would help us see fewer CVEs. We'd need to filter out the quantity of upgrades because we're so far behind. A suggestion is to look up the date of the release. If we only look for releases that happened in the last week or so, then we won't be overwhelmed and will be able to process what comes in. The definitive implementation diagram can be seen at: https://git.magnolia-cms.com/projects/INTERNAL/repos/magnolia-mgmt/browse/magnolia-dependency-bot.svg