vitalif
/
etcd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add the rotation worksheet into the dependency management document 

Signed-off-by: Benjamin Wang <wachao@vmware.com>
dependabot/go_modules/github.com/prometheus/procfs-0.11.0
Benjamin Wang 2023-05-24 19:55:30 +08:00
parent 04346e870f
commit 24b3ae9a17
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Documentation/contributor-guide/dependency_management.md
View File

@ -8,6 +8,7 @@ Dependency management
- [Steps to bump a dependency](#steps-to-bump-a-dependency) - [Steps to bump a dependency](#steps-to-bump-a-dependency)
- [Indirect dependencies](#indirect-dependencies) - [Indirect dependencies](#indirect-dependencies)
- [About gRPC](#about-grpc) - [About gRPC](#about-grpc)
- [Rotation worksheet](#rotation-worksheet)
- **[Stable branches](#stable-branches)** - **[Stable branches](#stable-branches)**
# Main branch # Main branch
@ -83,6 +84,11 @@ The plan is to remove the dependency on some grpc-go's experimental API firstly,
`go.opentelemetry.io/otel` version update is indirectly blocked due to this gRPC issue. Please get more details in [pull/15810](https://github.com/etcd-io/etcd/pull/15810). `go.opentelemetry.io/otel` version update is indirectly blocked due to this gRPC issue. Please get more details in [pull/15810](https://github.com/etcd-io/etcd/pull/15810).
## Rotation worksheet
The dependabot scheduling interval is weekly; it means dependabot will automatically raise a bunch of PRs per week.
Usually human intervention is required each time. We have a [rotation worksheet](https://docs.google.com/spreadsheets/d/1DDWzbcOx1p32MhyelaPZ_SfYtAD6xRsrtGRZ9QXPOyQ/edit#gid=0),
and everyone is welcome to participate; you just need to register your name in the worksheet.
# Stable branches # Stable branches
Usually we don't proactively bump dependencies for stable releases unless there are any CVEs or bugs that affect etcd. Usually we don't proactively bump dependencies for stable releases unless there are any CVEs or bugs that affect etcd.