If you auto-merge those PRs you're back to square 1 as you're not vetting your dependency updates. And if you don't, you incur operational overhead unless you put in a fair amount of effort centralizing. Wrote a couple of posts that touched on this: https://developerwithacat.com/blog/202604/github-actions-sup...
Valid point. We have minimum age requirements set on some rules to avoid absorbing every latest change instantly.
How many people actually audit the code changes in their dependencies when updating them?