Dependabot used to be enabled for our repo <https://github.com/apache/trafficcontrol/pulls?q=author%3Aapp%2Fdependabot> but is now disabled.

* Should we enable security alerts on the repo for dependabot (visible only to committers) <https://docs.github.com/en/code-security/supply-chain-security/managing-vulnerabilities-in-your-projects-dependencies/configuring-dependabot-security-updates#enabling-or-disabling-dependabot-security-updates-for-an-individual-repository>?
* Should we re-enable dependabot security updates (dependabot creates a PR to update a dependency it notices a vulnerability for)?

On Tue, Feb 22, 2022 at 9:20 AM ocket 8888 <[email protected]> wrote:
>
> If you have anything you want to discuss at next week's meeting, respond to
> this email and it's on the agenda.
