@voltonez
You’ll want to check each package’s changes using the awesome new diff.hex.pm before upgrading, of course
Bram Verburg
@voltonez
23 Jan
OWASP @DependencyTrack now flags available @hexpm package updates. Find the necessary tooling for Mix and Rebar3 projects here hex.pm/packages?searc… pic.twitter.com/HMeAAv5GAx
Marc Worrell 🐰
@mworrell
24 Jan
Hi Bram, I guess these are the @zotonic dependencies. Could you maybe give us more information how to get this and to help us adding this into the Zotonic repo (or build)?
Bram Verburg
@voltonez
24 Jan
Well spotted. You’d need the rebar3_sbom plugin and a Dependency-Track server. I wrote a bit about it here blog.voltone.net/post/24