Dependabot

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Dependabot

jgallimore
Something called "dependabot" has created branches with dependency updates.
Anyone know anything about this?

I have no issues with merging these changes in, just wondered if someone
was tinkering around before I do.

Jon
Reply | Threaded
Open this post in threaded view
|

Re: Dependabot

Aldrin Leal
Its github patching CVEs:

https://github.com/marketplace/dependabot-preview
--
-- Aldrin Leal, <[hidden email]> / https://ingenieux.io/about/


On Mon, Oct 28, 2019 at 3:23 PM Jonathan Gallimore <
[hidden email]> wrote:

> Something called "dependabot" has created branches with dependency updates.
> Anyone know anything about this?
>
> I have no issues with merging these changes in, just wondered if someone
> was tinkering around before I do.
>
> Jon
>
Reply | Threaded
Open this post in threaded view
|

Re: Dependabot

jgallimore
I wonder if someone explicitly set that up. I'm not complaining...

Looks like the two jar identified aren't in the shipping tar.gzs, unless
they are being shaded somewhere. I'll dig into it.

Jon

On Mon, Oct 28, 2019 at 8:41 PM Aldrin Leal <[hidden email]> wrote:

> Its github patching CVEs:
>
> https://github.com/marketplace/dependabot-preview
> --
> -- Aldrin Leal, <[hidden email]> / https://ingenieux.io/about/
>
>
> On Mon, Oct 28, 2019 at 3:23 PM Jonathan Gallimore <
> [hidden email]> wrote:
>
> > Something called "dependabot" has created branches with dependency
> updates.
> > Anyone know anything about this?
> >
> > I have no issues with merging these changes in, just wondered if someone
> > was tinkering around before I do.
> >
> > Jon
> >
>