Update dependencies
What does the pull request do?
Address CVE-2024-30105 in System.Text.Json #114
Added a Dependabot.yml so that dependencies are checked automatically
Scope of this PR:
- [X] fix or update to an existing sample
- [ ] add a new sample
What is the current behavior?
Dependencies are not checked for vulnerabilities. Project has vulnerability.
Checklist
If this is a new Sample
- [ ] Added a ReadMe-file
- [ ] Updated the landing page
- [ ] Consider submitting a PR to https://github.com/AvaloniaUI/avalonia-docs with a link to your sample in the related documentation page
In any case
- [ ] Spell-checking done
- [ ] Checked if all hyperlinks work
- [ ] Checked if all images are visible
Fixed issues
Fixes #114
Added a Dependabot.yml so that dependencies are checked automatically
We would prefer to avoid dependabot
Better to switch to central package management for this repository.
Added a Dependabot.yml so that dependencies are checked automatically
We would prefer to avoid dependabot
Is there a reason for this? Wouldn't it be a good thing to have an alert if something is out of order? BTW, Dependabot does NOT change anything on its own, it just makes a branch, you can still decide to merge it or close/delete it.
Better to switch to central package management for this repository.
Yes, that would be better, but also a bigger change. IMHO frequent small steps in the right direction are better than a big step that never happens.
Better to switch to central package management for this repository.
Yes, that would be better, but also a bigger change. IMHO frequent small steps in the right direction are better than a big step that never happens.
There is also a downside when switching to central management. As I understand, this repository is meant as a showcase for independent projects targeting a specific how-to topic. So is it a good thing to merge the projects with a central package-management?
Thinking further about this one, I kinda like the Dependabot idea for this repo. We will review this with the team internally again and then decide.