Merge pull request #15946 from ahrtr/dependency_rotato_20230524

Add the rotation worksheet into the dependency management document
dependabot/go_modules/github.com/prometheus/procfs-0.11.0
Benjamin Wang 2023-06-03 05:28:05 +08:00 committed by GitHub
commit 8da2a5bf46
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 0 deletions


@ -8,6 +8,7 @@ Dependency management
- [Steps to bump a dependency](#steps-to-bump-a-dependency)
- [Indirect dependencies](#indirect-dependencies)
- [About gRPC](#about-grpc)
- [Rotation worksheet](#rotation-worksheet)
- **[Stable branches](#stable-branches)**
# Main branch
@ -83,6 +84,11 @@ The plan is to remove the dependency on some grpc-go's experimental API firstly,
`go.opentelemetry.io/otel` version update is indirectly blocked due to this gRPC issue. Please get more details in [pull/15810](https://github.com/etcd-io/etcd/pull/15810).
## Rotation worksheet
The dependabot scheduling interval is weekly; it means dependabot will automatically raise a bunch of PRs per week.
Usually human intervention is required each time. We have a [rotation worksheet](https://docs.google.com/spreadsheets/d/1DDWzbcOx1p32MhyelaPZ_SfYtAD6xRsrtGRZ9QXPOyQ/edit#gid=0),
and everyone is welcome to participate; you just need to register your name in the worksheet.
# Stable branches
Usually we don't proactively bump dependencies for stable releases unless there are any CVEs or bugs that affect etcd.
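Review bot: The new "Rotation worksheet" section says "Usually human intervention is required each time" but does not say what the person on rotation is expected to do with the weekly dependabot PRs. Suggest pointing to the existing "Steps to bump a dependency" section (already in the table of contents) so the reviewer of each bump follows the same checks before merging. The worksheet is linked as a Google Sheets `/edit#gid=0` URL with no mention of who maintains it or how access is granted; a short sentence naming the owner or the place to ask would help new participants, and linking the sheet without the `#gid=0` fragment would survive a tab reorder. Minor wording: "it means dependabot will automatically raise a bunch of PRs per week" could read "so dependabot raises a batch of PRs every week".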