[
https://issues.apache.org/jira/browse/SLING-12492?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17905246#comment-17905246
]
Robert Munteanu commented on SLING-12492:
-----------------------------------------
Yup, let's please discuss on dev@ . I suspect the defaults are used and only
feature enablement/disablement are configured in the .asf.yaml file. To my
knowledge, there is no org-level configuration possible for dependabot.
> Apache Sling Scripting JavaScript 3.1.4 is affected by vulnerabilities
> CVE-2022-32549 and CVE-2021-29425.
> ---------------------------------------------------------------------------------------------------------
>
> Key: SLING-12492
> URL: https://issues.apache.org/jira/browse/SLING-12492
> Project: Sling
> Issue Type: Improvement
> Components: Scripting
> Affects Versions: Scripting JavaScript 3.1.4
> Reporter: Scott Yuan
> Assignee: Eric Norman
> Priority: Minor
> Fix For: Scripting JavaScript 3.1.6
>
>
> The MVN Repository reports that the latest release, Apache Sling Scripting
> JavaScript 3.1.4, is affected by vulnerabilities CVE-2022-32549 and
> CVE-2021-29425 due to outdated dependencies. For more details, visit MVN
> Repository.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
