You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We need to clean up this repo's pull requests, specifically the PRs opened by Dependabot & Snyk, because many are outdated and contain high severity dependency alerts.
Action Items
Manually resolve PRs opened by Snyk. Snyk no longer has access to Chayn's repos because we use Dependabot now, since Snyk won't be able to interact with these PRs any further, we will need to make these changes manually.
Resolve dependabot alerts. Approve their workflow runs and resolve any merge conflicts. Locally test these changes. If they pass all tests, merge these PRs. If the tests don't pass, keep the PR open for future reference. If there are repeat PRs for the same dependency, try to merge the highest version possible and close the rest.
Open new issues and triage with staff software engineers for dependency upgrades that result in test failures.
Note: there is a workflow from Snyk called security/snyk (chaynteam) that is required for merging, please bypass this requirement as Snyk has been removed from this repo and can no longer access it.
Overview
We need to clean up this repo's pull requests, specifically the PRs opened by Dependabot & Snyk, because many are outdated and contain high severity dependency alerts.
Action Items
Note: there is a workflow from Snyk called
security/snyk (chaynteam)
that is required for merging, please bypass this requirement as Snyk has been removed from this repo and can no longer access it.Resources
To resolve remaining dependency alerts, nextjs must be updated.
The text was updated successfully, but these errors were encountered: