Posted to dev@tomee.apache.org by Jonathan Gallimore <jo...@gmail.com> on 2019/10/28 20:22:56 UTC

Dependabot

Something called "dependabot" has created branches with dependency updates.
Anyone know anything about this?

I have no issues with merging these changes in, just wondered if someone
was tinkering around before I do.

Jon

Re: Dependabot

Posted by Jonathan Gallimore <jo...@gmail.com>.
I wonder if someone explicitly set that up. I'm not complaining...

Looks like the two jars identified aren't in the shipping tar.gzs, unless
they are being shaded somewhere. I'll dig into it.

Jon

On Mon, Oct 28, 2019 at 8:41 PM Aldrin Leal <al...@leal.eng.br> wrote:

> It's GitHub patching CVEs:
>
> https://github.com/marketplace/dependabot-preview
> --
> -- Aldrin Leal, <al...@leal.eng.br> / https://ingenieux.io/about/
>
>
> On Mon, Oct 28, 2019 at 3:23 PM Jonathan Gallimore <
> jonathan.gallimore@gmail.com> wrote:
>
> > Something called "dependabot" has created branches with dependency updates.
> > Anyone know anything about this?
> >
> > I have no issues with merging these changes in, just wondered if someone
> > was tinkering around before I do.
> >
> > Jon
> >
>

Re: Dependabot

Posted by Aldrin Leal <al...@leal.eng.br>.
It's GitHub patching CVEs:

https://github.com/marketplace/dependabot-preview
--
-- Aldrin Leal, <al...@leal.eng.br> / https://ingenieux.io/about/


On Mon, Oct 28, 2019 at 3:23 PM Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:

> Something called "dependabot" has created branches with dependency updates.
> Anyone know anything about this?
>
> I have no issues with merging these changes in, just wondered if someone
> was tinkering around before I do.
>
> Jon
>