[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <192d7da2f2a.1069aaa001047791.5583301334791429946@collabora.com>
Date: Tue, 29 Oct 2024 07:37:33 -0300
From: Helen Mae Koike Fornazier <helen.koike@...labora.com>
To: "WangYuli" <wangyuli@...ontech.com>
Cc: "maarten.lankhorst" <maarten.lankhorst@...ux.intel.com>,
"mripard" <mripard@...nel.org>, "tzimmermann" <tzimmermann@...e.de>,
"airlied" <airlied@...il.com>, "simona" <simona@...ll.ch>,
"david.heidelberg" <david.heidelberg@...labora.com>,
"dri-devel" <dri-devel@...ts.freedesktop.org>,
"linux-kernel" <linux-kernel@...r.kernel.org>,
"guanwentao" <guanwentao@...ontech.com>,
"zhanjun" <zhanjun@...ontech.com>,
"Vignesh Raman" <vignesh.raman@...labora.com>
Subject: Re: [RESEND. PATCH 1/5] drm/ci: Upgrade requirements because of
bothering by GitHub Dependabot
---- On Thu, 17 Oct 2024 00:39:48 -0300 WangYuli wrote ---
> GitHub Dependabot keeps bugging us about old, vulnerable Python packages.
>
> Until we figure out a way to make it calm, we're stuck updating our
> dependencies whenever it complains.
>
> I guess it's a good thing in the long run, though, right?
> Makes our CI a bit "more secure"...
>
> Signed-off-by: WangYuli wangyuli@...ontech.com>
> --
> 2.45.2
>
>
Hi WangYuli,
Thanks for this.
tbh, I'm tempted in removing the python script that is in the repo, and keep it out-of-tree somewhere, since it is a tool that is only triggered manually in local environment.
I also want to hear Vignesh's thoughts about it.
Thanks
Helen
Powered by blists - more mailing lists