Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orb-dev] Source for dependabot PR 151 in ORB

Thanks Steve,

On Thu, 9 Feb 2023 at 18:15, Steve Millidge (Payara)
<steve.millidge@xxxxxxxxxxx> wrote:
> Is it something that GitHub is just doing as it says " commented on behalf of github"? I can't see configured GitHub apps on this project. However we get these on some Payara repos without us configuring the bot specifically. I think it is something you have to explicitly switch off?

> Don't know why it has only showed up now. If you go to this page you can see that dependabot is enabled.

It looks the vulnerability was patched in just released 7.7.0 - that's
why only now it resulted in PR.



HOW could I miss THAT? It's just one click away from Advisories! And I
WAS looking for exactly that - dependabot vuln. alerts.

This is all clear now.

Thank you,


Back to the top