hypeatei 8 hours ago

What are the chances of that, though? The same could happen if you wait X amount of days for the version to "mature" as well. A security issue could be found five minutes after you update.

EDIT: GitHub supports this scenario too (as mentioned in the article):
https://github.blog/changelog/2025-07-01-dependabot-supports...
https://docs.github.com/en/code-security/dependabot/working-...

mirashii 3 hours ago

> What are the chances of that, though?

The whole premise of the article is that they’re substantially lower, because some time for the ecosystem of dependency scanners and users to detect and report is better than none.