-
Notifications
You must be signed in to change notification settings - Fork 584
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Audit - Outdated dependencies #1132
Comments
yep - just need to find the time :-) |
This issue is stale because it has been open for 30 days with no |
As CloudEvents provide SDKs with out of the box integration with 3rd party libraries, could we add either dependabot or renovate for managing all dependencies for all CloudEvents repositories? For example, on the JAVA-SDK repository, the latest SDK update is from May 15, 2023 and the following packages have known vulnerabilities on 3rd party dependencies:
|
Yes, we use Dependabot in the |
This issue is stale because it has been open for 30 days with no |
After reviewing the recent security audit I was wondering whether we should enable Github Dependabot for this repo to automatically bump deps.
cc/ @duglin @lionelvillard
The text was updated successfully, but these errors were encountered: