tools: exclude @node-core/doc-kit from dependabot cooldown#62775
tools: exclude @node-core/doc-kit from dependabot cooldown#62775kxxt wants to merge 1 commit intonodejs:mainfrom
Conversation
nodejs-github-bot
added
the
meta
ovflowd
added
fast-track
|
Fast-track has been requested by @ovflowd. Please 👍 to approve. |
`@node-core/doc-kit` is an internal package maintained within the nodejs organization, which is unlikely to be a direct source of supply-chain attack. The cooldown only slow down the propagation of new improvements from doc-kit to Node.js repo and causes surprises. The cooldown should be configured in the `doc-kit` repository instead. Currently there is a 3-day cooldown. Maybe we need to increase that to match the 5-day cooldown used in this repository. This patch excludes `@node-core/doc-kit` from the cooldown. Note that `@node-core/doc-kit` is the only dependency in `tools/doc`. But to be future proof, I did't remove the cooldown directly.
github-actions
bot
removed
the
request-ci
|
The CI is failing due to flaky tests: |
This PR didn't need a Jenkins run in the first place, but now that one was started it'll need a clean run to be landable by the commit queue. |
Oh, what conditions determine it requiring a ci run? |
Anything that affects the Node.js binary or tests. Automation should stick a |
9 participants
@node-core/doc-kitis an internal package maintained within the nodejs organization, which is unlikely to be a direct source of supply-chain attack. The cooldown only slow down the propagation of new improvements from doc-kit to Node.js repo and causes surprises.The cooldown should be configured in the
doc-kitrepository instead. Currently there is a 3-day cooldown. Maybe we need to increase that to match the 5-day cooldown used in this repository.This patch excludes
@node-core/doc-kitfrom the cooldown.Note that
@node-core/doc-kitis the only dependency intools/doc.But to be future proof, I did't remove the cooldown directly.
CC @nodejs/security-wg @nodejs/web-infra