dorner closed 3 months ago
@dorner I grok that -- only thing I would want to ask is whether there is any security downside, and how we might mitigate it if there is?
It's incredibly rare for a security problem to be so bad that you have to update in less than a month. We don't upgrade Ruby versions for well over a year, and it's far more likely for security to be addressed in big packages like Ruby or Rails, which generally aren't covered by Dependabot because they need manual work.
@dorner: Your PR "Update dependabot.yml" is part of today's Human Essentials production release: 2024.06.23.
Thank you very much for your contribution!
Daily updates are really annoying. Much prefer monthly so I can knock them out at once.