dependabot / cli

A tool for testing and debugging Dependabot update jobs.
MIT License

real cli #330

Closed mcandre closed 4 months ago

mcandre commented 5 months ago

Dependabot deserves a genuine CLI tool to safeguard software projects not hosted with GitHub. The world runs on code, but not all of our code is GitHub code.

Until this is done, assume that significant portions of the total technology stack possess large numbers of latent vulnerabilities.

jeffwidman commented 4 months ago

It's not clear what the specific bug is that you're reporting. If you're just here to complain that this isn't a standalone CLI, well, as the project readme states:

> This does not create PRs, but outputs data that could be used to create PRs.

This is open source, you're welcome to submit a PR improving things. We are very open to folks sending us PRs to extend this CLI so that it can standalone create PRs... we just haven't had time to get there yet.