Open
Description
Describe the task
We have several external dependencies which are version-locked for reproducibility and security. We should regularly check those for updates. A Github Action scheduled job (cron-style) could do that. It could automatically submit a PR with the suggested update.
- Github Actions (
uses:
) Github: Enable dependabot for workflow dependencies #2778 - Pinned dependencies in the build process (aqt, Qt, JACK, jom, NSIS) CI: Check for dependency updates automatically #2777
- Android SDK/NDK/Commandlinetools)
- Check Autobuild: Refactor and add dependency pinning #2345 wrt completeness
- Submodules (liboboe)
- Add automated update to pylint (inclusion here closes Add automated update to pylint #3056)
Solutions to look into:
- dependabot
- https://github.com/apps/renovate
Metadata
Metadata
Assignees
Type
Projects
Status
Backlog