Naveen S created SPARK-36916:
--------------------------------
Summary: Enable Dependabot for improving security posture of the
dependencies
Key: SPARK-36916
URL: https://issues.apache.org/jira/browse/SPARK-36916
Project: Spark
Issue Type: Bug
Components: Project Infra
Affects Versions: 3.1.2
Reporter: Naveen S
h3. Why are the changes needed?
[https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically]
Having knowledge about vulnerabilities of the dependencies helps the project
owners decide on their dependencies security posture to make decisions.
If the project decides to get updates only on security updates and not on any
version updates then setting these options would not open any PR 's
{{open-pull-requests-limit: 0}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
