Prevent NuGet audit warnings from failing the CI builds and set up automated package updates with Dependabot (OCC-263)
Piedone opened this issue · 0 comments
Is your feature request related to a problem? Please describe
Vulnerable packages like STJ 8.0.3 can break the CI build, requiring quick fixes like 34ae004.
Describe the solution you'd like
Do what I did for OC: OrchardCMS/OrchardCore#16317. This needs automated package updates with Dependabot though, so these vulnerabilities don't remain for long.
Describe alternatives you've considered
I don't think there's a better approach.
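One way to keep NuGet audit findings visible without letting them fail a warnings-as-errors build, shown as an added example that is not taken from this issue, the referenced commit or the linked OrchardCore pull request. It assumes the repository uses a root `Directory.Build.props` and that CI builds with `TreatWarningsAsErrors` enabled; Dependabot configuration is not covered here.

```xml
<!-- Directory.Build.props (added example; the file location and the
     TreatWarningsAsErrors setting are assumptions about the repository) -->
<Project>
  <PropertyGroup>
    <!-- Assumed existing setting: this is what turns an audit warning
         into a build-breaking error in CI. -->
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>

    <!-- Keep the audit running on restore and include transitive
         packages, so vulnerable dependencies are still reported. -->
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditMode>all</NuGetAuditMode>
    <NuGetAuditLevel>low</NuGetAuditLevel>

    <!-- NU1901..NU1904 are the audit warnings for low, moderate, high
         and critical severity advisories. Listing them here keeps them
         as warnings in the build log instead of promoting them to errors. -->
    <WarningsNotAsErrors>$(WarningsNotAsErrors);NU1901;NU1902;NU1903;NU1904</WarningsNotAsErrors>
  </PropertyGroup>
</Project>
```

With this in place the findings no longer stop the build, so something else has to surface them: the warnings in the build log, plus the automated update PRs the issue asks for.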