dependabot gone bonkers?
This morning I woke to find that dependabot had added two new branches to my cpython fork https://github.com/terryjreedy/cpython/branches and had created corresponding PRs https://github.com/terryjreedy/cpython/pull/3 https://github.com/terryjreedy/cpython/pull/4
Whether all forks or all committers or just me got these, it seems wrong. I suspect that I should just close the extraneous PRs and delete the branches.
Dependabot also created the same branches and PRs directly on python/cpython. https://github.com/python/cpython/branches https://github.com/python/cpython/pull/23582 https://github.com/python/cpython/pull/23583 Only these PRs got the proper labels. Someone should merge these PRs and delete the branches.
Also, it seems that dependabot should be reconfigured to not create duplicate branches and PRs.
-- Terry Jan Reedy
I got this too on two forks of cpython. It smells like a dependabot mistake.
On Tue, Dec 1, 2020 at 04:59 Terry Reedy <tjreedy@udel.edu> wrote:
This morning I woke to find that dependabot had added two new branches to my cpython fork https://github.com/terryjreedy/cpython/branches and had created corresponding PRs https://github.com/terryjreedy/cpython/pull/3 https://github.com/terryjreedy/cpython/pull/4
Whether all forks or all committers or just me got these, it seems wrong. I suspect that I should just close the extraneous PRs and delete the branches.
Dependabot also created the same branches and PRs directly on python/cpython. https://github.com/python/cpython/branches https://github.com/python/cpython/pull/23582 https://github.com/python/cpython/pull/23583 Only these PRs got the proper labels. Someone should merge these PRs and delete the branches.
Also, it seems that dependabot should be reconfigured to not create duplicate branches and PRs.
-- Terry Jan Reedy
python-committers mailing list -- python-committers@python.org To unsubscribe send an email to python-committers-leave@python.org https://mail.python.org/mailman3/lists/python-committers.python.org/ Message archived at https://mail.python.org/archives/list/python-committers@python.org/message/3... Code of Conduct: https://www.python.org/psf/codeofconduct/
-- --Guido (mobile)
Maybe a recent change in dependabot. This open ticket seems related https://github.com/dependabot/dependabot-core/issues/2804
On Tue., Dec. 1, 2020, 7:36 a.m. Guido van Rossum, <guido@python.org> wrote:
I got this too on two forks of cpython. It smells like a dependabot mistake.
Yup, it's because upstream cpython has this file:
https://github.com/gvanrossum/cpython/blob/master/.github/dependabot.yml
I still think this is a bug (or missing feature) in dependabot. Please +1 that issue!
On Tue, Dec 1, 2020 at 7:52 AM Mariatta <mariatta@python.org> wrote:
Maybe a recent change in dependabot. This open ticket seems related https://github.com/dependabot/dependabot-core/issues/2804
-- --Guido van Rossum (python.org/~guido) *Pronouns: he/him **(why is my pronoun here?)* <http://feministing.com/2015/02/03/how-using-they-as-a-singular-pronoun-can-c...>
Here's the reply from dependabot team:
We're aware of this issue and planning a fix. The workaround for now is to delete the fork and re-create it without enabling Dependabot security updates. Dependabot version updates (setup from config file) isn't enabled by default on new forks but will be if security updates has ever been turned on and since disabled.
Source: https://github.com/dependabot/dependabot-core/issues/2804#issuecomment-73778...
On Tue, Dec 1, 2020 at 9:59 AM Guido van Rossum <guido@python.org> wrote:
Yup, it's because upstream cpython has this file:
https://github.com/gvanrossum/cpython/blob/master/.github/dependabot.yml
I still think this is a bug (or missing feature) in dependabot. Please +1 that issue!
Participants (3): Guido van Rossum, Mariatta, Terry Reedy