Re: [GitHub] [flex-blazeds] dependabot[bot] opened a new pull request, #9: Bump xalan from 2.6.0 to 2.7.2

What’s all this dependabot activity? Anyone know? > On Jul 8, 2022, at 2:05 AM, GitBox wrote: > > > dependabot[bot] opened a new pull request, #9: > URL: https://github.com/apache/flex-blazeds/pull/9 > > Bumps xalan from 2.6.0 to 2.7.2. > > > [![Dependabot compatibility > score](https:

Re: [GitHub] [flex-blazeds] dependabot[bot] opened a new pull request, #9: Bump xalan from 2.6.0 to 2.7.2

automated update of dependencies.. i guess it got turned up :) On Fri, Jul 8, 2022 at 11:39 AM Harbs wrote: > What’s all this dependabot activity? > > Anyone know? > > > On Jul 8, 2022, at 2:05 AM, GitBox wrote: > > > > > > dependabot[bot] opened a new pull request, #9: > > URL: https://github.

Re: [GitHub] [flex-blazeds] dependabot[bot] opened a new pull request, #9: Bump xalan from 2.6.0 to 2.7.2

Dependabot automatically submits a pull request to GitHub when a dependency has vulnerabilities and needs updates. Blaze is likely old enough to have a number of dependencies that fit into this category. On 7/8/2022 2:39 AM, Harbs wrote: What’s all this dependabot activity? Anyone know? O