I had two repositories with Jena that received dependabot updates this morning. It even created the PR with the updated dependency :-) good process. Only had to press one button to merge it.
Thanks
Bruno

On Tuesday, 21 September 2021, 08:00:22 pm NZST, Andy Seaborne <a...@apache.org> wrote:

FYI:

The GH security dependabot has started doing the rounds. It is flagging up our security update (CVE-2021-39239 -- XML reading) on GH repos depending on <= 4.1.0.

It has also flagged up "4.3.0-SNAPSHOT" - it, or maven, always did get a bit confused by versions that aren't x.y.z.

Andy