by Tadpole9181
269 days ago
That's unrelated to this. As well, both Dependabot and Renovate run in isolated environments without secrets or privileges, need to be manually approved, and have minimum publication ages before recommending a package update to prevent basic supply chain attacks or lockfile corruption from a pinned package version being de-published (up to a 3 day window on NPM).