[RESEND. PATCH 1/5] drm/ci: Upgrade requirements because of bothering by GitHub Dependabot

Helen Mae Koike Fornazier helen.koike at collabora.com
Tue Oct 29 10:37:33 UTC 2024





---- On Thu, 17 Oct 2024 00:39:48 -0300 WangYuli  wrote ---

 > GitHub Dependabot keeps bugging us about old, vulnerable Python packages. 
 >  
 > Until we figure out a way to make it calm, we're stuck updating our 
 > dependencies whenever it complains. 
 >  
 > I guess it's a good thing in the long run, though, right? 
 > Makes our CI a bit "more secure"... 
 >  
 > Signed-off-by: WangYuli wangyuli at uniontech.com> 
 > -- 
 > 2.45.2 
 >  
 > 


Hi WangYuli,

Thanks for this.

tbh, I'm tempted in removing the python script that is in the repo, and keep it out-of-tree somewhere, since it is a tool that is only triggered manually in local environment.

I also want to hear Vignesh's thoughts about it.

Thanks
Helen


More information about the dri-devel mailing list