Dependabot ignored Python dependency scope #44035
Unanswered
niccokunzmann asked this question in Code Security
Replies: 0 comments
Select Topic Area
Bug
Body
I opened an issue on collective/icalendar because dependabot opens pull requests which install backports.zoneinfo which should only be installed on Python versions 3.7 and 3.8.
See the issue:
collective/icalendar#509
And the PR:
niccokunzmann/open-web-calendar#142
The problem: icalendar creates the correct version information in the setup.py file. Dependabot, however, ignores the scope and creates a pull request that installs backports.zoneinfo on all Python versions.
I think this is feedback for @dependabot.
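A review-time check for the situation reported above, added here as an example and not part of the original post or of Dependabot: it flags pinned requirements that lost the environment marker the upstream package declares. The function names, the `DECLARED` list and the `PINNED_TXT` file are constructed for illustration and are not copied from icalendar or the linked pull request.

```python
import re

# Constructed sample: what an upstream setup.py might declare in install_requires.
DECLARED = [
    "python-dateutil",
    "pytz",
    'backports.zoneinfo; python_version < "3.9"',
]
# Constructed sample: a requirements.txt as an update bot might propose it.
PINNED_TXT = """\
# constructed pins, versions are illustrative
python-dateutil==2.8.2
pytz==2023.3
backports.zoneinfo==0.2.1
"""

_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def split_requirement(line):
    """Return (normalized name, marker or None) for one requirement line."""
    line = line.split(" #", 1)[0].strip()
    if not line or line.startswith(("#", "-")):
        return None  # blank line, comment, or pip option
    spec, _, marker = line.partition(";")
    match = _NAME.match(spec)
    if not match:
        return None
    name = re.sub(r"[-_.]+", "-", match.group(1)).lower()  # PEP 503 form
    return name, (marker.strip() or None)


def dropped_markers(declared, pinned_text):
    """List (name, upstream marker) for pins that carry no marker at all."""
    scoped = {}
    for req in declared:
        parsed = split_requirement(req)
        if parsed and parsed[1]:
            scoped[parsed[0]] = parsed[1]
    findings = []
    for line in pinned_text.splitlines():
        parsed = split_requirement(line)
        # Only a missing marker is flagged; a changed marker is not compared.
        if parsed and parsed[0] in scoped and parsed[1] is None:
            findings.append((parsed[0], scoped[parsed[0]]))
    return findings


if __name__ == "__main__":
    for name, marker in dropped_markers(DECLARED, PINNED_TXT):
        print(f"{name}: pinned without upstream marker '{marker}'")
```
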