Open skitt opened 9 months ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
What happened:
Currently, security scanning jobs fail a PR if any of the project’s dependencies are identified as containing a known vulnerability. This prevents us merging PRs when a vulnerability is found, until the project updates to address that.
What you expected to happen:
PRs should only be blocked if they introduce a security vulnerability, i.e. add a dependency with a known vulnerability.
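One way to implement the behaviour requested above, as an added example that is not part of the original issue or the project's CI: scan the base branch and the PR head against the same vulnerability database snapshot, then block only on findings that appear in the head alone. The report shape, package names and advisory ids below are constructed for illustration and do not match any particular scanner's output.

```python
import json

# Constructed sample reports; the JSON shape (package/version/id/severity) is an
# assumption for this example, not the output format of any particular scanner.
BASE_REPORT = json.loads("""[
  {"package": "libfoo", "version": "1.2.0", "id": "VULN-0001", "severity": "high"},
  {"package": "libbar", "version": "0.9.1", "id": "VULN-0002", "severity": "medium"}
]""")
HEAD_REPORT = json.loads("""[
  {"package": "libfoo", "version": "1.2.1", "id": "VULN-0001", "severity": "high"},
  {"package": "libbar", "version": "0.9.1", "id": "VULN-0002", "severity": "medium"},
  {"package": "libbaz", "version": "3.0.0", "id": "VULN-0003", "severity": "critical"}
]""")


def finding_key(finding):
    # Key on (package, advisory id), not version: a bump that still carries an
    # advisory already present on the base branch is not counted as introduced.
    return (finding["package"].lower(), finding["id"].upper())


def introduced_findings(base, head):
    """Return findings present in the PR head but absent from the base branch."""
    known = {finding_key(f) for f in base}
    seen, new = set(), []
    for f in head:
        key = finding_key(f)
        if key not in known and key not in seen:
            seen.add(key)  # drop duplicates reported via several dependency paths
            new.append(f)
    return sorted(new, key=finding_key)


def gate(base, head):
    """Return (exit_code, introduced, preexisting) for use in a CI job."""
    new = introduced_findings(base, head)
    new_keys = {finding_key(f) for f in new}
    preexisting = [f for f in head if finding_key(f) not in new_keys]
    return (1 if new else 0), new, preexisting


if __name__ == "__main__":
    code, new, old = gate(BASE_REPORT, HEAD_REPORT)
    for f in old:
        print(f"warn  (pre-existing): {f['package']} {f['id']}")
    for f in new:
        print(f"block (introduced):   {f['package']}@{f['version']} {f['id']}")
    raise SystemExit(code)  # non-zero only when the PR itself adds a finding
```

Pre-existing findings are still printed as warnings so they stay visible and can be tracked separately without blocking unrelated PRs.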