* chore: add dependabot cooldown

One of the things I need to worry about with Anubis is the idea that could pwn a dependency and then get malicious code into prod without realizing it, a-la Jia Tan. Given that Anubis relies on tools like Dependabot to manage updating dependencies (good for other reasons), it makes sense to have Dependabot have a 7 day cooldown for new versions of dependencies.

This follows the advice from Yossarian on their blog at [1]. Thanks for the post and easy to copy/paste snippets!

[1]: https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns

Signed-off-by: Xe Iaso <me@xeiaso.net>

* chore: update spelling

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
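
For reference, a 7 day cooldown of the kind the commit message describes looks like this in .github/dependabot.yml. This is an added example, not the file from this commit: the ecosystems, directory and schedule are assumptions, and only the 7 day value comes from the message above.

```yaml
# Constructed example; the package ecosystems, directory and schedule
# below are assumptions, not taken from the Anubis repository.
version: 2
updates:
  - package-ecosystem: gomod
    directory: /
    schedule:
      interval: weekly
    # Hold back version-update PRs until a release has been public for
    # 7 days, so a compromised release has time to be noticed and pulled
    # before it is proposed for merge.
    cooldown:
      default-days: 7

  - package-ecosystem: github-actions
    directory: /
    schedule:
      interval: weekly
    cooldown:
      default-days: 7
```

The cooldown applies to Dependabot version updates only; security updates are still raised without the delay, so fixes for known vulnerabilities are not held back.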
13 lines
109 B
Text
github
https
ssh
ubuntu
workarounds
rjack
msgbox
xeact
ABee
tencent
maintnotifications
azurediamond
cooldown