georgetown-cset / funder-finder

Retrieve GitHub repo funding information
Apache License 2.0

Why Not Pin the Dependencies in Requirements.txt? #33

Closed jspeed-meyers closed 1 year ago

jspeed-meyers commented 1 year ago

Mainly curious.

Pinning these could help with reproducibility across machines.

I'm glad to pin them with a PR. And as long as dependabot is activated (is it right now?), then we would get updates.

jspeed-meyers commented 1 year ago

cc @jmelot

jmelot commented 1 year ago

I don't think I have a super compelling reason for not doing this. I'm all for it! I've just enabled dependabot security alerts as well.