Le 03/10/2023 à 20:18, Bruno Kinoshita a écrit :
Same for me, I prefer to know ahead of time if there are any issues with dependencies.
But the Commons components are mostly dependency-less, we are flooded by dependabot requests to update non code related dependencies (Maven plugins, GitHub actions) for non critical purposes. It would be better to have such notifications for CVEs only.
Emmanuel Bourg --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org