When a new PR would introduce vulnerabilities, for example through old transitive dependencies, the pipeline would fail and the PR could not be merged until all vulnerabilities have been fixed (by upgrading, excluding or overriding dependency versions).