|
|
|
|
|
|
by ayuhito
48 days ago
|
|
|
At least with our Renovate config, all dependencies have a 7 day cooldown, but marked security updates are immediate. Attackers can’t push a security update without going through the reporting process (e.g. Github CVE), so they can’t necessarily abuse that easily. |
|
|