mirashii 9 hours ago
The check frequency isn't the problem, it's the latency between release and update. If a package was released 5 minutes before dependabot runs and you still update to it, your lower frequency hasn't really done anything.

hypeatei 8 hours ago | parent
What are the chances of that, though? The same could happen if you wait X amount of days for the version to "mature" as well. A security issue could be found five minutes after you update. EDIT: Github supports this scenario too (as mentioned in the article): https://github.blog/changelog/2025-07-01-dependabot-supports... https://docs.github.com/en/code-security/dependabot/working-...
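To make the distinction in this exchange concrete, here is an added example (not from either commenter or from GitHub's docs): a `dependabot.yml` that keeps the weekly check but adds a release-age cooldown, which is the setting that actually enforces a minimum release-to-update latency. The key names follow Dependabot's `cooldown` option; the day counts are assumed values chosen for illustration.

```yaml
# Added example. Checking weekly alone does not bound how fresh an
# adopted release can be: a version published minutes before the run
# is still picked up. The cooldown block is what enforces a minimum
# age before a release is eligible, so a malicious or broken version
# has a window in which it can be yanked or flagged first.
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"   # how often Dependabot looks, not how old a release must be
    cooldown:
      default-days: 7        # assumed: minimum release age for any update
      semver-major-days: 30  # assumed: longer wait for major bumps
      semver-minor-days: 7   # assumed
      semver-patch-days: 3   # assumed: shorter wait for patch releases
      exclude:
        - "@myorg/*"         # assumed placeholder: trusted internal scope, no cooldown
```

A cooldown trades faster uptake of genuine security fixes for a window in which ecosystem reporting can catch a bad release; the hypeatei comment's point still holds, so the value is a judgement call rather than a fixed rule.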