@bboutkov noted that we have some vulnerable dependencies listed on https://mvnrepository.com/artifact/io.projectglow/glow-spark3_2.12/1.2.1. This PR updates the vulnerable dependencies and enables the Scala steward bot to automatically monitor our Scala dependencies. I also set up Github's dependabot to monitor the Python dependencies Glow requires at runtime (it's not monitoring the dev dependencies).
What changes are proposed in this pull request?
@bboutkov noted that we have some vulnerable dependencies listed on https://mvnrepository.com/artifact/io.projectglow/glow-spark3_2.12/1.2.1. This PR updates the vulnerable dependencies and enables the Scala steward bot to automatically monitor our Scala dependencies. I also set up Github's dependabot to monitor the Python dependencies Glow requires at runtime (it's not monitoring the dev dependencies).
How is this patch tested?
(Details)