Fix CVE dependabot from updating deps to earlier RC versions #425

Closed
a-blender opened this issue Oct 28, 2023 · 1 comment

@a-blender
Contributor

a-blender commented Oct 28, 2023

The TFP rke provider (or just general?) dependabot is updating deps to earlier RC versions which will affect release. This was seen yesterday in 2 separate PRs. Example: #424 (comment), #417 (comment).

a-blender changed the title from "Fix CVE dependabot from updating deps to earlier rc versions" to "Fix CVE dependabot from updating deps to earlier RC versions" on Oct 28, 2023

@superseb
Contributor

@a-blender What is the ask here? We don't operate dependabot, you can file issues here.

You can switch to Renovate if you want, it can be deployed using this workflow. Make sure to disable dependabot in that case.

Let me know if you need any help on this.

superseb removed their assignment on Oct 30, 2023

a-blender closed this as not planned on Oct 30, 2023

zube bot closed this as completed on Jan 29, 2024