Every dependency you add is a supply chain attack waiting to happen (benhoyt.com)

1 point by ingve 12 hours ago | 2 comments

politelemon 9 hours ago:
I would recommend adding a delay to your dependabot updates and grouping the updates together into one pull request. Despite the noise produced, it's a useful tool in that it calls for your attention. It's all in the configuration: https://docs.github.com/en/code-security/reference/supply-ch...
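Both settings the comment refers to (a publication delay and grouping into a single pull request) live in `.github/dependabot.yml`. The following is an added illustration, not configuration from the thread or the linked article; it assumes an npm project with its manifest at the repository root.

```yaml
# .github/dependabot.yml (added example; assumes an npm project at "/")
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    # Cooldown: a new release is not proposed until it has been public for
    # this many days, which gives time for a hijacked or malicious release
    # to be noticed and pulled before it lands in your lockfile.
    cooldown:
      default-days: 7
      semver-major-days: 30
      semver-minor-days: 14
      semver-patch-days: 7
    # Groups: collapse many single-package PRs into a few reviewable ones,
    # so the notification noise stays useful instead of being ignored.
    groups:
      production-minor-and-patch:
        dependency-type: "production"
        update-types: ["minor", "patch"]
      development-dependencies:
        dependency-type: "development"
    # Cap concurrent PRs so a burst of upstream releases cannot flood the queue.
    open-pull-requests-limit: 5
```

Major version bumps of production dependencies are deliberately left ungrouped here so they still arrive as individual pull requests that get a dedicated review.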
Serhii-Set 10 hours ago:
[dead]