Status

State: Draft

Discussion thread:

JIRA:


Motivation

Airflow has a large number of dependencies and this won't decrease. I think there are many dependencies that probably can be updated without breaking our code.
But how do we know which of them can be updated and which can't? At the moment we do it manually by creating a PR, but wouldn't it be better if we could automate this?
That way we can be sure that every dependency is always at the latest version that works for us.
Not only that, it can also improve Airflow's security by showing current vulnerabilities of these dependencies.

Considerations

There are free tools for open source projects that automate this, such as pyup or Dependabot.

They only need to be added to, or granted access to, an open source project, and then you are good to go.
The tool will then automatically create a PR when there are updates to a specific dependency.