Jeff Widman
This will likely have to sit on backlog for several years until PEP-691 (adopted last year) sees more widespread adoption.
Related ticket with more technical info: * https://github.com/devpi/devpi/issues/1018
Does it reproduce using the dry-run or CLI script? See https://github.com/dependabot/dependabot-core#debugging-problems for instructions. TBH, this probably isn't something the core team will have a chance to look at closely anytime...
👋 Sorry for the delay. I reviewed https://github.com/dependabot/dependabot-core/pull/6031, which would add support for NuGet package lock files to :dependabot: and the PR itself looked very straightforward / solid, but I...
Adding some breadcrumbs re: registries for Helm charts: * https://github.com/github/roadmap/issues/122 * https://github.com/github/roadmap/issues/120 * https://github.com/kubernetes/registry.k8s.io 👈 announced fairly recently, we'll see if they eventually support helm charts not just OCI images......
Yeah, this should be re-opened, it got missed back when we had stalebot a long time ago. I'm not sure we'll do it... as noted above, we have some interest...
If we do ever implement this, note [the warning](https://github.com/dependabot/dependabot-core/issues/2127#issuecomment-514981931) from @greysteil: > it's surprisingly tricky to do in Ruby whilst avoiding the potential for DoS attacks from memory leaks.
While I wasn't in a hurry to bump this for fear of accidentally breaking compatibility with `php` `7.x` code, we are starting to see test failures that indicate we will...
I don't know enough about PHP and also our usage of `composer` to know if us bumping to `8.x` will break Dependabot on anyone running with `7.4`, as that's still...
Let me work through the build failures, and then I'll tag some PHP folks... but the build failures are because of various things that we'll have to fix whenever this...