Skip to content

Update dependabot to allow patching Kubernetes related dependencies #504

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 10, 2025
Merged

Update dependabot to allow patching Kubernetes related dependencies #504

merged 3 commits into from
Oct 10, 2025
+17 −0

Conversation

MaciejKaras
Copy link
Collaborator

@MaciejKaras MaciejKaras commented Oct 8, 2025
edited
Loading

Summary

Proof of Work

N/A

Checklist

  • Have you linked a jira ticket and/or is the ticket in the title?
  • Have you checked whether your jira ticket required DOCSP changes?
  • Have you added changelog file?

@MaciejKaras MaciejKaras added the skip-changelog Use this label in Pull Request to not require new changelog entry file label Oct 8, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 8, 2025
edited
Loading

⚠️ (this preview might not be accurate if the PR is not rebased on current master branch)

MCK 1.5.0 Release Notes

New Features

  • Improve automation agent certificate rotation: the agent now restarts automatically when its certificate is renewed, ensuring smooth operation without manual intervention and allowing seamless certificate updates without requiring manual Pod restarts.

Bug Fixes

  • MongoDBMultiCluster: fix resource stuck in Pending state if any clusterSpecList item has 0 members. After the fix, a value of 0 members is handled correctly, similarly to how it's done in the MongoDB resource.
  • MultiClusterSharded: Blocked removing non-zero member cluster from MongoDB resource. This prevents from scaling down member cluster without current configuration available, which could lead to unexpected issues.

@MaciejKaras MaciejKaras marked this pull request as ready for review October 8, 2025 09:52
@MaciejKaras MaciejKaras requested a review from a team as a code owner October 8, 2025 09:52
@anandsyncs
Copy link
Contributor

/evergreen retry

m1kola
m1kola reviewed Oct 10, 2025
View reviewed changes
.github/dependabot.yml
Comment on lines +15 to +17
update-types:
- version-update:semver-major
- version-update:semver-minor
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@MaciejKaras I had a look at the Dependabot docs. Do I understand correctly that with this change we say - "you must still not update major and minor versions for us so we can do that manually, but if you see a new patch version - please bump it"?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, that's what I understood as well. We basically block dependabot to think about updating major and minor versions, but allow him to update patches. This is beneficial for any security or plain bug fixes.

m1kola
m1kola reviewed Oct 10, 2025
View reviewed changes
@MaciejKaras MaciejKaras merged commit 35b2a30 into master Oct 10, 2025
11 of 12 checks passed
@MaciejKaras MaciejKaras deleted the maciejk/allow-dependabot-patch-versions branch October 10, 2025 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@m1kola m1kola m1kola approved these changes

@viveksinghggits viveksinghggits viveksinghggits approved these changes

@fealebenpae fealebenpae Awaiting requested review from fealebenpae fealebenpae is a code owner automatically assigned from mongodb/kubernetes-hosted

@anandsyncs anandsyncs Awaiting requested review from anandsyncs anandsyncs is a code owner automatically assigned from mongodb/kubernetes-hosted

Assignees
No one assigned
Labels
skip-changelog Use this label in Pull Request to not require new changelog entry file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@MaciejKaras @anandsyncs @m1kola @viveksinghggits