Security Updates for PNPM #7434
Labels
F: security-updates 🔐
Issues specific to security updates
L: javascript:pnpm
npm packages via pnpm
T: feature-request
Requests for new features
Comments
deivid-rodriguez
added
T: feature-request
mogeko
added a commit
to mogeko/movisea
that referenced
this issue
Jul 3, 2023
But still missing the proper logic to implement security update support. See: dependabot/dependabot-core#7434
|
Dependabot alerts and Security Updates to try and fix them have now been enabled for PNPM 🎉 So let me close this ticket now. Feel free to report any issues you find separately. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is there an existing issue for this?
Feature description
We have shipped support for PNPM version updates recently. However, we are still missing the proper logic to implement security update support.
In particular, we need to implement the proper logic to be able to propose updates to the minimum fixed version, given a security advisory.
In addition to that, some other internal changes will be needed to enable this feature, but this issue tracks the changes related to the update logic.
For reference, here is a previous PR implementing the same kind of thing for Github Actions.
The text was updated successfully, but these errors were encountered: