siemens / fluffi

FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A distributed evolutionary binary fuzzer for pentesters
MIT License

Address django CVE alert #249

Closed jan-kiszka closed 3 years ago

jan-kiszka commented 3 years ago

See https://github.com/siemens/fluffi/security/dependabot/srv/fluffi/polenext/requirements.txt/django/open

jan-kiszka commented 3 years ago

@p0wer0xff If CVE resolution for deps isn't in scope, please leave a note in the readme and disable scanning so that we are not "spammed". Otherwise, test and merge the pending PRs of the bot.

p0wer0xff commented 3 years ago

Since this is a 3rd-party subcomponent that is very fragile anyway and is supposed to run in an airgapped network, we'd rather not change anything about it. I have disabled the bot, so it stops spamming us.