Comment by homebrewer
2 months ago
Don't update your dependencies manually. Set up Renovate to do it for you, with a delay of at least a couple of weeks, and enable vulnerability alerts so that it opens PRs for publicly known vulnerabilities without delay.
https://docs.renovatebot.com/configuration-options/#minimumr...
https://docs.renovatebot.com/presets-default/#enablevulnerab...
Why was this comment downvoted? Please explain why you disagree.
I didn’t downvote, but...
Depending on a commercial service is out of the question for most open source projects.
Renovate is not commercial, it's an open source dependabot, quite more capable at that.