enable Dependabot v2

Open sullis opened this issue 3 years ago • 1 comment

https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/

sullis avatar Feb 14 '21 21:02 sullis

Thanks! Is there any way to ignore checks for the examples module? This module specifically points to old, sometimes buggy versions for testing. We want to be able to use JQF to reproduce discovering previously known bugs from these old versions (e.g. the Closure Compiler tutorial). This module is not used by jqf-fuzz or jqf-maven-plugin, so clients need not worry about pulling vulnerable dependencies when they use JQF externally.

The Dependabot doc describes `ignore`, but that seems to be aimed at specific dependencies, not modules within the repository. An alternative would simply be to have three different directory entries in the `dependabot.yml` for each of fuzz, instrument, and maven-plugin.

rohanpadhye avatar Feb 15 '21 16:02 rohanpadhye
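As an added illustration of the per-directory alternative proposed above (not a file from the JQF repository), a `.github/dependabot.yml` that scopes Maven update checks to the three shipped modules and leaves the examples module out entirely. The directory paths `/fuzz`, `/instrument` and `/maven-plugin` are assumed module locations, and the weekly schedule is an arbitrary choice.

```yaml
# .github/dependabot.yml (constructed example; module paths are assumed)
version: 2
updates:
  # One entry per module that clients actually depend on.
  # The examples module has no entry, so its intentionally old,
  # known-buggy dependencies are never flagged or bumped.
  - package-ecosystem: "maven"
    directory: "/fuzz"
    schedule:
      interval: "weekly"

  - package-ecosystem: "maven"
    directory: "/instrument"
    schedule:
      interval: "weekly"

  - package-ecosystem: "maven"
    directory: "/maven-plugin"
    schedule:
      interval: "weekly"
```

Because `ignore` in Dependabot v2 is keyed by dependency name within a single `updates` entry, omitting the directory is the straightforward way to exclude a whole module rather than listing each of its pinned artifacts.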