-
That's not possible I'm afraid for two reasons:
-
I was looking at making some PRs based on updating dependencies that are having CVE issues reported by Sonatype CLM. We use Sonatype for CVE scanning and Dependabot for version updating at my work. Besides not upgrading Quarkus/WildFly dependencies directly, are there any other restrictions I should be aware of? Dependabot might still be a viable option btw, as each upgrade is a separate PR and you can choose to ignore. Not sure if you can configure Dependabot to ignore certain libraries, as I didn't set up our CI/CD or configure it. Also, if I'm doing these version changes as a PR, do I need to limit to one dependency per PR (if possible)? Or can I submit multiple as a single PR?
-
We can use Dependabot to keep packages we use updated to the latest versions. This will ensure that we can do timely updates for our dependencies without having to make massive PRs that update all of them together at the same time.
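Both the question above (whether Dependabot can be told to leave certain libraries alone) and this reply (keeping updates small instead of one massive PR) come down to the contents of `.github/dependabot.yml`. The configuration below is an added example written for this discussion; it is not the project's own file and was not posted by anyone in the thread. It assumes a Maven build at the repository root, that the Quarkus and WildFly artifacts live under the `io.quarkus` and `org.wildfly` group IDs, and uses an assumed Jackson coordinate purely to illustrate blocking major-version bumps.

```yaml
# Added example .github/dependabot.yml (not the project's own configuration).
# Assumes a Maven build at the repository root.
version: 2
updates:
  - package-ecosystem: "maven"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cap the number of open Dependabot PRs so reviewers are not flooded;
    # each dependency still gets its own PR unless grouped below.
    open-pull-requests-limit: 5
    # Leave Quarkus and WildFly alone: those are upgraded deliberately by
    # maintainers, not by Dependabot (group IDs are assumptions here).
    ignore:
      - dependency-name: "io.quarkus:*"
      - dependency-name: "org.wildfly:*"
      # Assumed example coordinate: accept patch and minor updates of a
      # library but never let Dependabot open a major-version bump.
      - dependency-name: "com.fasterxml.jackson.core:*"
        update-types: ["version-update:semver-major"]
    # Roll low-risk patch-level updates into a single PR; minor and major
    # updates of unignored dependencies stay one PR per dependency.
    groups:
      patch-updates:
        update-types: ["patch"]
```

Two points worth checking when adopting something like this: Dependabot honours `ignore` entries for its security-update PRs as well, so CVEs in the ignored Quarkus and WildFly artifacts must keep being tracked by the scanner already in use (Sonatype in the question above) and fixed by hand; and grouping only patch-level updates keeps the "one dependency per PR" review discipline for anything that can change an API while still avoiding dozens of trivial PRs.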