mirror of
https://github.com/open-metadata/OpenMetadata
synced 2026-05-24 09:39:11 +00:00
5696286b27
* Address transitive vulnerabilities * Address transitive vulnerabilities * fix(deps): resolve pyOpenSSL/cryptography conflict and align constraint pins CI dependency resolution failed because pyOpenSSL~=24.1.0 caps cryptography at <43, conflicting with the cryptography>=44.0.1 bump. Widens pyOpenSSL to >=24.3.0 (first version compatible with cryptography 44.x) and aligns the airflow constraint file pins for cryptography and GitPython with the upstream setup.py bumps so pip install -c can resolve. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
67 lines
1.6 KiB
YAML
67 lines
1.6 KiB
YAML
version: 2
|
|
|
|
# NOTE: This file controls Dependabot version-update PRs only.
|
|
# It does NOT suppress Dependabot security alerts on the Security tab.
|
|
# To auto-dismiss transitive (indirect) alerts, configure auto-triage rules at
|
|
# Settings -> Code security -> Dependabot -> "Manage rules".
|
|
|
|
updates:
|
|
- package-ecosystem: "pip"
|
|
directory: "/ingestion"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "monday"
|
|
open-pull-requests-limit: 5
|
|
labels:
|
|
- "dependencies"
|
|
- "python"
|
|
groups:
|
|
python-minor-patch:
|
|
update-types:
|
|
- "minor"
|
|
- "patch"
|
|
ignore:
|
|
# urllib3 is pinned <2.0 transitively via tableauserverclient==0.25.
|
|
# See ingestion/setup.py comment on the tableau pin.
|
|
- dependency-name: "urllib3"
|
|
versions: [">=2.0.0"]
|
|
|
|
- package-ecosystem: "maven"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "monday"
|
|
open-pull-requests-limit: 5
|
|
labels:
|
|
- "dependencies"
|
|
- "java"
|
|
groups:
|
|
maven-minor-patch:
|
|
update-types:
|
|
- "minor"
|
|
- "patch"
|
|
|
|
- package-ecosystem: "npm"
|
|
directory: "/openmetadata-ui/src/main/resources/ui"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "monday"
|
|
open-pull-requests-limit: 5
|
|
labels:
|
|
- "dependencies"
|
|
- "javascript"
|
|
groups:
|
|
npm-minor-patch:
|
|
update-types:
|
|
- "minor"
|
|
- "patch"
|
|
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|
|
day: "monday"
|
|
open-pull-requests-limit: 3
|
|
labels:
|
|
- "dependencies"
|
|
- "github-actions"
|