|
|
|
|
|
|
by woodruffw
210 days ago
|
|
|
The article assumes that engineers have the technical wherewithal to know when they should manually upgrade their dependencies! Clearly I should have mentioned that Dependabot (and probably others) don't consider cooldown when suggesting security upgrades. That's documented here[1]. [1]: https://docs.github.com/en/code-security/dependabot/working-... |
|
|