...
Future Topics:
Action items
Enable major version update recommendations by Dependabot: review open PRs and pick and choose which ones could be merged as-is and which ones should be actioned by someone (more as a recommendation to update than as a solution). The project is in a testing state that allows us to move forward with this.
OpenSSF Scorecard:
We are using Poetry for dependency management, and it is creating a lockfile. This is likely a configuration issue with detecting pinned dependencies.
Token permissions will require tokens to be revoked and recreated with the minimum set of permissions required for them to work correctly.
Important Links:
Discord: https://discord.com/invite/yjvGPd5FCU (Click Accept Invite, check out the #aca-py channel)
...