Re: [orb-dev] Source for dependabot PR 151 in ORB
Thanks Steve,
On Thu, 9 Feb 2023 at 18:15, Steve Millidge (Payara)
<steve.millidge@xxxxxxxxxxx> wrote:
>
> Is it something that GitHub is just doing, as it says "commented on behalf of github"? I can't see configured GitHub apps on this project. However, we get these on some Payara repos without us configuring the bot specifically. I think it is something you have to explicitly switch off?
> Don't know why it has only shown up now. If you go to this page https://github.com/eclipse-ee4j/orb/security you can see that dependabot is enabled.
It looks like the vulnerability was patched in the just-released 7.7.0 - that's
why it resulted in a PR only now.
> https://github.com/eclipse-ee4j/orb/security
Yes!
HOW could I miss THAT? It's just one click away from Advisories! And I
WAS looking for exactly that - dependabot vuln. alerts.
This is all clear now.
Thank you,
Piotrek