I wonder if someone explicitly set that up. I'm not complaining... Looks like the two jar identified aren't in the shipping tar.gzs, unless they are being shaded somewhere. I'll dig into it.
Jon On Mon, Oct 28, 2019 at 8:41 PM Aldrin Leal <[email protected]> wrote: > Its github patching CVEs: > > https://github.com/marketplace/dependabot-preview > -- > -- Aldrin Leal, <[email protected]> / https://ingenieux.io/about/ > > > On Mon, Oct 28, 2019 at 3:23 PM Jonathan Gallimore < > [email protected]> wrote: > > > Something called "dependabot" has created branches with dependency > updates. > > Anyone know anything about this? > > > > I have no issues with merging these changes in, just wondered if someone > > was tinkering around before I do. > > > > Jon > > >
