tomhughes left a comment (openstreetmap/openstreetmap-website#6332)
I understand the logic of pinning, but when Dependabot opens a PR to update the
pin to a new version, how am I supposed to evaluate if that is a genuine version
or a bugged/infected/malicious version?
Without that it just becomes me manually doing what happens automatically now...
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6332#issuecomment-3199834448