Hey guys, Did you see dependabot on our repos? Like this automatic PR https://github.com/apache/maven-plugins/pull/147#pullrequestreview-303889692
I feel this is very useful, but... does anyone enabled it? Do we have to set a policy, this suggestions are security related fixes, we could give them some kind of high priority? Enrico
