Comment on How do you keep track of vulnerabilities?
just_another_person@lemmy.world 5 weeks ago
I’m aware, but then you mentioned “manual changes”, which connotes “local changes”. Putting up a PR with changes isn’t considered a manual anything.
eager_eagle@lemmy.world 5 weeks ago
It doesn’t. Manual as in a PR with upgrades that you’re suggesting yourself, as opposed to running dependabot.
If I have to open a PR myself, that’s very much a manual change.
just_another_person@lemmy.world 5 weeks ago
I don’t even know what you’re talking about now, so I’m going to stop responding. If Dependabot was already enabled for a project, you probably wouldn’t need to worry, so that negates this entire thread. 🙄
eager_eagle@lemmy.world 5 weeks ago
Exactly my point, I’d suggest automating that before I bothered with PRs that upgrade versions, as it’s a waste of time.