I have one single GitHub repo that uses npm with modern JavaScript frameworks and I am CONSTANTLY bombarded by emails telling me to bump dependencies.

How do you people live like this?

  • 5
    There were some security issues in lodash recently, and since it is a dependency of a lot of other packages, you might have to merge a PR that a GH bot creates to bump the dependency versions. Otherwise it's up to you to set your email preferences properly.
  • 2
    What @kamen said. That said, Dependabot is hella annoying given most of the time it's bitching about build-time deps.
  • 0
    Archive it; it will become read-only.
  • 0
    Blame the lodash dev for being an absolute dickwaffle