Upgrade to elasticsearch v8 or determine how to pin to v7 for dependabot #81
Comments
<8
for dependabot
Dependabot should now ignore updates beyond v7. If we see any v8 bumps, or if we don't see any more v7 bumps, then that would indicate that I got the dependabot config wrong.
Let's keep this open until we confirm that dependabot is opening PRs for v7 minor and patch releases. We're currently pinned to I'm going to hold off on making further changes to dependabot until next Monday, just to see what happens. I would expect it to open a PR to upgrade to 7.17.9 from PyPI. In that case, we should:
I don't think dependabot.yml will need to change.
We didn't see the expected dependabot PR to upgrade to the latest PyPI version, not sure why. May as well pin to a GitHub release and see if that works as expected.
Oh, I was looking at the wrong GitHub repo. The actual release history is at https://github.com/elastic/elasticsearch-py/releases and shows that the latest v7 release is 7.17.9 from Feb 2023, same as PyPI (although there are a few more recent v7 tags, not sure why). So anyway, we can keep pinning to PyPI, but I'm still not sure why we didn't see a dependabot PR for upgrading v7.10.1 -> 7.17.9.
I changed the ignore version from
Nice, it worked: #98
Jira: https://asfdaac.atlassian.net/browse/TOOL-2899
Note: The above link is accessible only to members of ASF.
If we upgrade to elasticsearch v8.x.x, it needs to be coupled with an upgrade within AWS, which would require a CloudFormation change. However, it looks like updates are still being released for both v7 and v8 (see releases) so we could stay at v7 if we want, in which case we should see if we can configure dependabot to open version bumps only for v7.x.x releases, as it's currently trying to upgrade to v8: #75
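An added example, not this repository's actual `dependabot.yml` (which the thread does not show): one way to keep Dependabot on the v7 line of the `elasticsearch` PyPI package while still receiving minor and patch bumps. The `directory` and `schedule` values are assumptions.

```yaml
# .github/dependabot.yml (illustrative; values marked "assumed" are not from the thread)
version: 2
updates:
  - package-ecosystem: "pip"
    directory: "/"            # assumed: requirements live at the repository root
    schedule:
      interval: "weekly"      # assumed schedule
    ignore:
      # Skip major-version bumps (7.x -> 8.x) for this one dependency only.
      # Minor and patch releases on the 7.x line, including security fixes,
      # are still proposed as PRs.
      - dependency-name: "elasticsearch"
        update-types: ["version-update:semver-major"]
      # Alternative form: ignore an explicit version range instead.
      # - dependency-name: "elasticsearch"
      #   versions: [">=8"]
```

An `ignore` rule only suppresses the pull requests. It does not change the installed version, so the requirement specifier in the project's dependency file still decides what gets installed.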