https://tosbourn.com/dependabot-cooldown/
Get some extra safeguarding for your dependencies for free
Tags: dependabot
https://github.com/torproject/community/pull/176
Bumps minimist from 1.2.5 to 1.2.6. Commits: 7efb22a 1.2.6; ef88b93 security notice for additional prototype pollution issue; c2b9819 isConstructorOrProto adapted...
Tags: bump
https://help.cloudsmith.io/docs/dependabot
How to integrate Github Dependabot with Cloudsmith
Tags: dependabot
https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates
You can use Dependabot security updates or manual pull requests to easily update vulnerable dependencies.
Tags: security updates, github docs, configuring, dependabot
https://github.com/dependabot
Automated dependency updates built into GitHub. Dependabot has 26 repositories available. Follow their code on GitHub.
Tags: dependabot, github
https://github.com/torproject/community/pull/182
Bumps json5 from 2.1.3 to 2.2.3. Release notes Sourced from json5's releases. v2.2.3 Fix: json5@2.2.3 is now the 'latest' release according to npm...
Tags: bump
https://github.blog/security/application-security/cutting-through-the-noise-how-to-prioritize-dependabot-alerts/
Learn how to effectively prioritize alerts so you can focus on the most critical vulnerabilities first.
Tags: cutting, noise, prioritize, dependabot, alerts
https://github.blog/security/supply-chain-security/dependabot-relieves-alert-fatigue-from-npm-devdependencies/
May 4, 2023 - A new alert rules engine for Dependabot leverages alert metadata to identify and auto-dismiss up to 15% of alerts as false positives.
Tags: github blog, dependabot, relieves, alert fatigue
https://github.com/torproject/community/pull/177
Bumps copy-props from 2.0.4 to 2.0.5. Release notes (sourced from copy-props's releases): 2.0.5. Fix: Avoids prototype pollution (#7). Doc: Update license years....
Tags: bump, copy-props