| ▲ | woodruffw 6 hours ago | |
The article assumes that engineers have the technical wherewithal to know when they should manually upgrade their dependencies! Clearly I should have mentioned that Dependabot (and probably others) don't consider cooldown when suggesting security upgrades. That's documented here[1]. [1]: https://docs.github.com/en/code-security/dependabot/working-... | ||