mdedetrich commented on PR #55: URL: https://github.com/apache/incubator-pekko-projection/pull/55#issuecomment-1580009394
> Can we delay this till after this repo is released? The first Pekko releases are not meant to make changes to dependencies and try to match last OSS Akka releases. Well sbt-dependency-check checks for CVE's in dependencies and we have an exception for CVE's? Scala-steward is whats responsible for automatically making PR's for dependency updates. Also adding sbt-dependency-check doesn't actually do anything, it just creates alerts if it happens that one of your dependencies has a CVE. You can also ignore them if you want. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
