Comment by lazyasciiart 2 months ago
My last commit is literally authored by dependabot.

sysguest 2 months ago
well you know 100% know what dependabot does

datsci_est_2015 2 months ago
Leaves you open to vulnerabilities in overnight builds of NPM packages that increasingly happen due to LLM slop?

__float 2 months ago
You can set a minimum age for packages (https://docs.github.com/en/code-security/reference/supply-ch...), though that's not perfect (and becomes less effective if everyone uses it).