slievrly commented on issue #7140: URL: https://github.com/apache/incubator-seata/issues/7140#issuecomment-2647131076
> I usually use dependabot but something about this repo confuses dependabot. It is usually pretty good with Maven based builds. > > Maybe you could add this maven plugin. > > https://jeremylong.github.io/DependencyCheck/dependency-check-maven/ Thank you very much for your sharing! Actually, Dependabot is quite useful, especially for npmjs front-end dependencies. Since Seata joined ASF, a significant number of dependency security fixes have been made, and over 400 issues have been resolved so far.  -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@seata.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@seata.apache.org For additional commands, e-mail: notifications-h...@seata.apache.org
