
Automate submodule updates

Open andrewpollock opened this issue 1 year ago • 3 comments

Describe the bug
Git submodules aren't routinely updated, notably the OSV Schema

To Reproduce
Steps to reproduce the behaviour:

$ git submodule status
 88e5ae3c40c85b702ba89a34c29f233048abb12b docker/worker/osv-test (v0.2-4-g88e5ae3)
 b241bbc1ad920771707fe03e4cedd4e8c492e143 gcp/api/googleapis (common-protos-1_3_1-3027-gb241bbc1a)
 21c7653f2e948af769618c3b91b94a54d2935ac1 osv/osv-schema (v1.6.0)

(v1.6.3 is the latest release)

Expected behaviour
The OSV Schema in particular tracks the latest released version

Additional context

  • https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
  • https://docs.renovatebot.com/modules/manager/git-submodules/

andrewpollock, Aug 02 '24 00:08

This issue has not had any activity for 60 days and will be automatically closed in two weeks

See https://github.com/google/osv.dev/blob/master/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.

github-actions[bot], Oct 06 '24 04:10

Temporary workaround: added to the weekly work documentation for the on-duty engineer to consider the necessity of doing

andrewpollock, Oct 11 '24 04:10

Dependabot does support git submodule - I just updated my experimental dependabot.yml to see if dependabot can help with this.

cuixq, Oct 11 '24 05:10
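The staleness visible in the `git submodule status` output quoted in the issue can be checked mechanically, for example as a CI step. This is an added example, not code from the osv.dev project: the helper name `check_submodule`, its status words and the reliance on `sort -V` (GNU coreutils) are assumptions, and the sample input is the status output from the issue.

```shell
#!/bin/sh
# Added example (not osv.dev code): report whether a submodule is pinned to the
# release tag you expect, using the text printed by `git submodule status`.

# Constructed sample input: the status output quoted in the issue above.
sample_status() {
  cat <<'EOF'
 88e5ae3c40c85b702ba89a34c29f233048abb12b docker/worker/osv-test (v0.2-4-g88e5ae3)
 b241bbc1ad920771707fe03e4cedd4e8c492e143 gcp/api/googleapis (common-protos-1_3_1-3027-gb241bbc1a)
 21c7653f2e948af769618c3b91b94a54d2935ac1 osv/osv-schema (v1.6.0)
EOF
}

# check_submodule PATH EXPECTED_TAG   (hypothetical helper; status text on stdin)
# Prints "ok|behind|ahead|off-tag <describe>", "unknown" or "missing".
# Returns 0 only when the submodule sits exactly on EXPECTED_TAG.
check_submodule() {
  want_path=$1
  want_tag=$2
  # Fields: [state char]SHA PATH (git-describe). read strips the leading blank;
  # paths containing spaces are not handled.
  while read -r sha sub desc; do
    [ "$sub" = "$want_path" ] || continue
    desc=${desc#\(}
    desc=${desc%\)}
    case $desc in
      # No describe text, e.g. the submodule is not initialized.
      "") echo "unknown"; return 1 ;;
      "$want_tag") echo "ok $desc"; return 0 ;;
      # tag-N-gSHA means N commits past the nearest tag, i.e. not a release.
      *-[0-9]*-g[0-9a-f]*) echo "off-tag $desc"; return 1 ;;
    esac
    # Version-aware ordering; sort -V is assumed available (GNU coreutils).
    oldest=$(printf '%s\n%s\n' "$desc" "$want_tag" | sort -V | head -n 1)
    if [ "$oldest" = "$desc" ]; then echo "behind $desc"; else echo "ahead $desc"; fi
    return 1
  done
  echo "missing"
  return 2
}

# Demo on the constructed sample; in a checkout, pipe `git submodule status` instead.
sample_status | check_submodule osv/osv-schema v1.6.3 || true
```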