Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don’t have experience with dependabot at all. I didn’t realize it was satire. I just kept thinking, “This sounds like terrible advice. This can’t be right.”


This is not satire.

If you have a large dependency graph, you are going to have a lot of vulnerable stuff.

Letting one computer send you patches and the other computer merge it for you when all your tests pass is a good thing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: