Re: [ee4j-pmc] Accepting changes from dependabot

You can just accept them. 

Dependency updates don't generally introduce intellectual property exposures, but do note that we depend on the project team to identify third party content that may require review (i.e., if you believe that one of these changes introduces an exposure, open a CQ for it).

We have an issue open to resolve this.

Wayne


On Tue, Nov 17, 2020 at 11:50 AM arjan tijms <arjan.tijms@xxxxxxxxx> wrote:
Hi,

Dependabot regularly does PRs to update dependencies, but being a bot it didn't sign the ECA and I think it's not even capable of doing so.

Can we accept these changes or not? I've seen some people accepting them, and some people rejecting them.

Kind regards,
Arjan Tijms
_______________________________________________
ee4j-pmc mailing list
ee4j-pmc@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/ee4j-pmc


--

Wayne Beaton

Director of Open Source Projects | Eclipse Foundation, Inc.

Join us at our virtual event: EclipseCon 2020 - October 20-22

