jeffwidman
commented
4 months ago It's not clear what the specific bug is that you're reporting. If you're just here to complain that this isn't a standalone CLI, well, as the project readme states:
This does not create PRs, but outputs data that could be used to create PRs.
This is open source, you're welcome to submit a PR improving things. We are very open to folks sending us PR's to extend this CLI so that it can standalone create PR's... we just haven't had time to get there yet.
Dependabot deserves a genuine CLI tool to safeguard software projects not hosted with GitHub. The world runs on code, but not all of our code is GitHub code.
Until this is done, assume that significant portions of the total technology stack posess large numbers of latent vulnerabilities.