Hi,

Thanks for looking into this!

+1 from me. I also couldn't see the ones from CXF, but I presume we should
expect to see a report like this [1], right?

1. https://nftb.saturdaymp.com/today-i-learned-about-githubs-dependabot/

On Thu, Feb 3, 2022 at 1:31 PM Zoran Regvart <zo...@regvart.com> wrote:

> Hi, Colm
>
> On Thu, Feb 3, 2022 at 1:02 PM Colm O hEigeartaigh <cohei...@apache.org>
> wrote:
> >
> > Hi,
> >
> > I've worked with INFRA to enable GitHub dependabot alerts for various
> > Apache projects. The idea is that the GitHub committers for a given
> > project can have access to the page on GitHub (for example for CXF:
> > https://github.com/apache/cxf/security/dependabot) which shows the
> > list of dependencies for the project with known CVEs.
> >
> > I plan to do the same for Camel on these repos:
> >
> > https://github.com/apache/camel
> > https://github.com/apache/camel-karaf
> > https://github.com/apache/camel-quarkus
> > https://github.com/apache/camel-spring-boot
> >
> > Any objections or anything I'm missing? If not I'll proceed with
> enabling it.
>
> +1 from me, thanks Colm for looking into it, I keep seeing those on
> push, but I can't access the /security/dependabot page so this will be
> very helpful.
>
> zoran
> --
> Zoran Regvart
>


-- 
Otavio R. Piske
http://orpiske.net
