OrchardCMS/OrchardCore.Commerce

Prevent NuGet audit warnings from failing the CI builds and set up automated package updates with Dependabot (OCC-263)

Piedone opened this issue · 0 comments

Is your feature request related to a problem? Please describe

Vulnerable packages like STJ 8.0.3 can break the CI build, requiring quick fixes like 34ae004.

Describe the solution you'd like

Do what I did for OC: OrchardCMS/OrchardCore#16317. This needs automated package updates with Dependabot though, so these vulnerabilities don't remain for long.

Describe alternatives you've considered

I don't think there's a better approach.

Jira issue