Can dependabot suggest patches for direct dependency?
Question
Currently, dependabot suggests only the vulnerable package patch version(fix) but If I need to upgrade only the direct dependency which consumes the fix.
- Is that possible with dependabot?
- Is this feature part of the backlog?
1 answers
solution1
1 2022-06-16 10:29:26
No, Dependabot checks whether it's possible to upgrade the vulnerable dependency to a fixed version without disrupting the dependency graph for the repository. Then Dependabot raises a pull request to update the dependency to the minimum version that includes the patch.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Why I can't apply JSON patches either direction?
Override for react-error-overlay@^6.0.9 conflicts with direct dependency
Why do PaaS provider suggest Dependency installation during deployment? (for PHP or NodeJS and probably others)
Can NPM suggest additional and optional packages after `npm install` command?
Can yarn check a particular dependency?
How I can get check box value and button value in this stuation? Can any one have suggest
how can I Fix below error any one please suggest me
Can someone suggest a one-line regex to parse out alphanumeric and optional numeric ids with either a - or / separator?
I am stuck in callback hell.Can anyone suggest best method to do the job?
Suggest command not working because "TypeError: can't read property 'execute' undefined"
Related Tags