Yes, thanks to INFRA for the fast fix. There are a couple of issues reported at https://github.com/apache/camel-spring-boot/security/dependabot as well.
Colm.

On Thu, Feb 3, 2022 at 4:19 PM Karen Lease <[email protected]> wrote:
>
> That was fast, I already am able to see the camel page:
> https://github.com/apache/camel/security/dependabot
>
> Thanks Colm.
>
> On 03/02/2022 15:07, Colm O hEigeartaigh wrote:
> > https://issues.apache.org/jira/browse/INFRA-22830
> >
> > Colm.
> >
> > On Thu, Feb 3, 2022 at 2:06 PM Colm O hEigeartaigh <[email protected]>
> > wrote:
> >>
> >> Yes exactly, you can't see the CXF alerts (actually they are all
> >> fixed) because you aren't a committer there.
> >>
> >> Colm.
> >>
> >> On Thu, Feb 3, 2022 at 1:31 PM Otavio Rodolfo Piske
> >> <[email protected]> wrote:
> >>>
> >>> Hi,
> >>>
> >>> Thanks for looking into this!
> >>>
> >>> +1 from me. I also couldn't see the ones from CXF, but I presume we
> >>> should expect to see a report like this [1], right?
> >>>
> >>> 1. https://nftb.saturdaymp.com/today-i-learned-about-githubs-dependabot/
> >>>
> >>> On Thu, Feb 3, 2022 at 1:31 PM Zoran Regvart <[email protected]> wrote:
> >>>>
> >>>> Hi, Colm
> >>>>
> >>>> On Thu, Feb 3, 2022 at 1:02 PM Colm O hEigeartaigh <[email protected]>
> >>>> wrote:
> >>>>>
> >>>>> Hi,
> >>>>>
> >>>>> I've worked with INFRA to enable GitHub dependabot alerts for various
> >>>>> Apache projects. The idea is that the GitHub committers for a given
> >>>>> project can have access to the page on GitHub (for example for CXF:
> >>>>> https://github.com/apache/cxf/security/dependabot) which shows the
> >>>>> list of dependencies for the project with known CVEs.
> >>>>>
> >>>>> I plan to do the same for Camel on these repos:
> >>>>>
> >>>>> https://github.com/apache/camel
> >>>>> https://github.com/apache/camel-karaf
> >>>>> https://github.com/apache/camel-quarkus
> >>>>> https://github.com/apache/camel-spring-boot
> >>>>>
> >>>>> Any objections or anything I'm missing? If not I'll proceed with
> >>>>> enabling it.
> >>>>
> >>>> +1 from me, thanks Colm for looking into it, I keep seeing those on
> >>>> push, but I can't access the /security/dependabot page so this will be
> >>>> very helpful.
> >>>>
> >>>> zoran
> >>>> --
> >>>> Zoran Regvart
> >>>
> >>>
> >>>
> >>> --
> >>> Otavio R. Piske
> >>> http://orpiske.net
