datamade / how-to

📚 Doing all sorts of things, the DataMade way
MIT License

Document strategy for automatic security patches on GitHub #121

Closed hancush closed 10 months ago

hancush commented 3 years ago

Documentation request

Ported from https://github.com/datamade/devops/issues/128, strategy outlined in https://github.com/datamade/devops/issues/128#issuecomment-668202458.

derekeder commented 1 year ago

This is now handled pretty well with GitHub's Dependabot and security features. Is there anything to do here?

smcalilly commented 10 months ago

This would be a good opportunity to come up with a best practice for Dependabot. Do we just let it automatically make changes, or do we want to review the changes? In either case, is there a severity level threshold where it's automatic (like a high severity where we let it automatically make the changes)?

hancush commented 10 months ago

As a starting point, Jean and I contemplated a strategy here: https://github.com/datamade/devops/issues/128#issuecomment-668202458