Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I use a dependabot config that buckets security updates into a separate pull than other updates. The non-security update PRs are just informational (can disable but I choose to leave them on), and you can actually spend the time to vet the security updates


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: