New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: triage Dependabot updates #15420
Labels
type: proposal
Proposals and design documents
Comments
TSC conversation notes:
|
TSC conversation notes: The work may be much larger than documented here. How to package it as a proposal?
Continue discussion offline and next week. |
Alternate way to package this up: leave no critical or high severity upgrades behind. Every one should have been researched and routed, with trivial work done and non-trivial work in the engineering pipeline. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
Dependabot alerts are up to 300, from 23 about a year ago.
By severity:
Solution
I will work through all alerts for necessary security patches:
Non-goals
This work excludes patching Magma source code. In places where an upgrade requires changes to, for example, React code, that is out of scope.
Work beyond 6-8 weeks.
Bid
I estimate this work will take 6-8 weeks. I am asking for $6,000 to perform it.
Note that I am submitting this bid as the first party, under my own name, and not via OSPOCO.
Acceptance:
The text was updated successfully, but these errors were encountered: