by coder543
1540 days ago
Dependabot gives you an easy way to review every single commit that went into a dependency update before you merge it. Dependabot is by far the most convenient way that I’ve seen to actually check that your dependency updates are not overtly malicious. It's not some tool that just removes your lockfiles behind your back, as you seem to be implying.