sophie/nuke - git.sad.ovh - sophie's repository hosting

sophie/nuke

Fork 0

Commit graph

Author	SHA1	Message	Date
Xe Iaso	b11d8132dd	chore: add dependabot cooldown (#1302 ) * chore: add dependabot cooldown One of the things I need to worry about with Anubis is the idea that could pwn a dependency and then get malicious code into prod without realizing it, a-la Jia Tan. Given that Anubis relies on tools like Dependabot to manage updating dependencies (good for other reasons), it makes sense to have Dependabot have a 7 day cooldown for new versions of dependencies. This follows the advice from Yossarian on their blog at [1]. Thanks for the post and easy to copy/paste snippets! [1]: https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns Signed-off-by: Xe Iaso <me@xeiaso.net> * chore: update spelling Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net>	2025-11-21 19:05:26 +00:00
Patrick Linnane	01c2e45843	dependabot: enable (#189 ) * dependabot: enable Signed-off-by: Patrick Linnane <patrick@linnane.io> * dependabot: group updates Signed-off-by: Patrick Linnane <patrick@linnane.io> --------- Signed-off-by: Patrick Linnane <patrick@linnane.io> Signed-off-by: Xe Iaso <me@xeiaso.net> Co-authored-by: Xe Iaso <me@xeiaso.net>	2025-04-02 00:09:46 -04:00

Author

SHA1

Message

Date

Xe Iaso

b11d8132dd

chore: add dependabot cooldown (#1302 )

* chore: add dependabot cooldown

One of the things I need to worry about with Anubis is the idea that
could pwn a dependency and then get malicious code into prod without
realizing it, a-la Jia Tan. Given that Anubis relies on tools like
Dependabot to manage updating dependencies (good for other reasons),
it makes sense to have Dependabot have a 7 day cooldown for new
versions of dependencies.

This follows the advice from Yossarian on their blog at [1]. Thanks
for the post and easy to copy/paste snippets!

[1]: https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: update spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>

2025-11-21 19:05:26 +00:00

Patrick Linnane

01c2e45843

dependabot: enable (#189 )

* dependabot: enable

Signed-off-by: Patrick Linnane <patrick@linnane.io>

* dependabot: group updates

Signed-off-by: Patrick Linnane <patrick@linnane.io>

---------

Signed-off-by: Patrick Linnane <patrick@linnane.io>
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>

2025-04-02 00:09:46 -04:00

2 commits