Skip to content

[deps] Stop pinning apk deps, but run dependabot weekly #522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nemesifier merged 1 commit into from
Oct 9, 2025
Merged

[deps] Stop pinning apk deps, but run dependabot weekly #522

nemesifier merged 1 commit into from
Oct 9, 2025

Conversation

@nemesifier
Copy link
Member

@nemesifier nemesifier commented Oct 9, 2025

Checklist

  • I have read the OpenWISP Contributing Guidelines.
  • I have manually tested the changes proposed in this pull request.
  • N/A I have written new test cases for new code and/or updated existing tests for changes to existing code.
  • N/A I have updated the documentation.

Description of Changes

Pinning our apk dependencies brought maintainance nightmares:

  • PRs frequently breaking due to yanked packages
  • Dependabot PRs not able to update base images due to versions being pinned and hence not available in new base images

This patch aims to get more frequent dependabot PRs but with less failures, which will allow us to merge them faster.

@nemesifier
[deps] Stop pinning apk deps, but run dependabot weekly
71b25ba 
Pinning our apk dependencies brought maintainance nightmares:

- PRs frequently breaking due to yanked packages
- Dependabot PRs not able to update base images
  due to versions being pinned and hence not available
  in new base images

This patch aims to get more frequent dependabot PRs but
with less failures, which will allow us to merge them faster.
@nemesifier nemesifier self-assigned this Oct 9, 2025
@nemesifier nemesifier added the dependencies Pull requests that update a dependency file label Oct 9, 2025
@github-project-automation github-project-automation bot moved this to Backlog in 25.09 Release Oct 9, 2025
@nemesifier nemesifier merged commit 71b25ba into master Oct 9, 2025
4 checks passed
@nemesifier nemesifier deleted the remove-pinning branch October 9, 2025 23:01
@github-project-automation github-project-automation bot moved this from Backlog to Done in 25.09 Release Oct 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@nemesifier nemesifier

Labels

dependencies Pull requests that update a dependency file

Projects

25.09 Release
Status: Done
OpenWISP Priorities for next releases
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nemesifier