Comment by Cthulhu_

Comment by Cthulhu_ 5 days ago

0 replies

View on Hacker News

Yes, exactly; I followed a Github course at one point and it was Strongly Recommended that you enable Dependabot for your project which will keep your dependencies up to date. It's basically either already enabled or a one-click setup action at this point. The norm that Github pushes is that you should trust them to keep your stuff updated and secure.