-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependabot isn't as dependable as people would like it to be? :-) #26554
Comments
added #26555 meanwhile |
We have a comment saying:
which is I guess why we have not added the dependency to the |
@geoand it may be. I saw that comment and was a bit puzzled tbh. The wonders of maven... :-) |
So we should either remove the comment (if it is no longer applicable), or comment out dependabot configuration for mermaid (with the appropriate explanation) |
cc @gsmet |
I created #26611 which makes the dependency visible to Dependabot and excludes any unwanted dependencies from where it is used |
Description
Hi,
was tracking a snyk vulnerability in a project we use quarkus and noticed mermaid-js was out of date.
Checking the
.github/dependabot.yml
I can wee the package should have been auto-updated, yet, seems to have been forgotten?@gsmet tagging you as you seem to be the 3PP overlord atm. ;-)
Implementation ideas
No response
The text was updated successfully, but these errors were encountered: