slsa-github-generator

Renovate lockfile maintenance

Open ianlewis opened this issue 1 year ago • 0 comments

Renovate doesn't seem to update transitive dependencies unless a direct dependency is updated. This means some transitive dependencies with vulnerabilities could go a while before being updated.

https://docs.renovatebot.com/configuration-options/#lockfilemaintenance

ianlewis, Jun 07 '24 01:06