Comment on How do you keep track of vulnerabilities?
eager_eagle@lemmy.world 1 month ago“manual changes”, which connotes “local changes”
It doesn’t. Manual as in a PR with upgrades that you’re suggesting yourself, as opposed to running dependabot.
Putting up a PR with changes isn’t considered a manual anything.
If I have to open a PR myself, that’s very much a manual change.
just_another_person@lemmy.world 1 month ago
I don’t even know what you’re talking about now, so I’m going to stop responding. If Dependabot was already enabled for a project, you probably wouldn’t need to worry, so that negates this entire thread. 🙄
eager_eagle@lemmy.world 1 month ago
exactly my point, I’d suggest automating that before I bothered with PRs that upgrade versions, as it’s a waste of time.