简体繁体 English

Dependabot 可以建议直接依赖的补丁吗？

[英]Can dependabot suggest patches for direct dependency?

原文 2022-06-16 10:20:46 0 1 node.js/ security/ github/ npm/ dependabot

Currently, dependabot suggests only the vulnerable package patch version(fix) but If I need to upgrade only the direct dependency which consumes the fix.目前，dependabot 仅建议易受攻击的软件包补丁版本（修复），但如果我只需要升级使用修复的直接依赖项。

Is that possible with dependabot?用dependabot可以吗？
Is this feature part of the backlog?这个功能是积压的一部分吗？

1 个解决方案

No, Dependabot checks whether it's possible to upgrade the vulnerable dependency to a fixed version without disrupting the dependency graph for the repository.不，Dependabot 检查是否可以将易受攻击的依赖项升级到固定版本，而不会破坏存储库的依赖关系图。 Then Dependabot raises a pull request to update the dependency to the minimum version that includes the patch.然后 Dependabot 提出一个拉取请求，将依赖项更新到包含补丁的最低版本。

为什么我不能同时应用JSON补丁？ - Why I can't apply JSON patches either direction?

覆盖 react-error-overlay@^6.0.9 与直接依赖冲突 - Override for react-error-overlay@^6.0.9 conflicts with direct dependency

为什么PaaS提供程序建议在部署过程中安装依赖项？（对于PHP或NodeJS以及其他可能的对象） - Why do PaaS provider suggest Dependency installation during deployment? (for PHP or NodeJS and probably others)

NPM是否可以在“ npm install”命令之后建议其他软件包和可选软件包？ - Can NPM suggest additional and optional packages after `npm install` command?

纱线可以检查特定的依赖关系吗？ - Can yarn check a particular dependency?

在这种情况下如何获取复选框值和按钮值？任何人都可以建议 - How I can get check box value and button value in this stuation? Can any one have suggest

我该如何解决以下任何一个错误，建议我 - how can I Fix below error any one please suggest me

有人可以建议使用单行正则表达式来解析带有 - 或 / 分隔符的字母数字和可选数字 ID 吗？ - Can someone suggest a one-line regex to parse out alphanumeric and optional numeric ids with either a - or / separator?

我陷入了回调地狱，谁能建议最好的方法来完成这项工作？ - I am stuck in callback hell.Can anyone suggest best method to do the job?

建议命令不起作用，因为“TypeError：无法读取属性‘执行’未定义” - Suggest command not working because "TypeError: can't read property 'execute' undefined"

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为什么我不能同时应用JSON补丁？ - Why I can't apply JSON patches either direction? 覆盖 react-error-overlay@^6.0.9 与直接依赖冲突 - Override for react-error-overlay@^6.0.9 conflicts with direct dependency 为什么PaaS提供程序建议在部署过程中安装依赖项？（对于PHP或NodeJS以及其他可能的对象） - Why do PaaS provider suggest Dependency installation during deployment? (for PHP or NodeJS and probably others) NPM是否可以在“ npm install”命令之后建议其他软件包和可选软件包？ - Can NPM suggest additional and optional packages after `npm install` command? 纱线可以检查特定的依赖关系吗？ - Can yarn check a particular dependency? 在这种情况下如何获取复选框值和按钮值？任何人都可以建议 - How I can get check box value and button value in this stuation? Can any one have suggest 我该如何解决以下任何一个错误，建议我 - how can I Fix below error any one please suggest me 有人可以建议使用单行正则表达式来解析带有 - 或 / 分隔符的字母数字和可选数字 ID 吗？ - Can someone suggest a one-line regex to parse out alphanumeric and optional numeric ids with either a - or / separator? 我陷入了回调地狱，谁能建议最好的方法来完成这项工作？ - I am stuck in callback hell.Can anyone suggest best method to do the job? 建议命令不起作用，因为“TypeError：无法读取属性‘执行’未定义” - Suggest command not working because "TypeError: can't read property 'execute' undefined"

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM