Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Suggestion: use Dependabot to keep dependencies up-to-date #633

Open
greysteil opened this issue Aug 19, 2018 · 0 comments
Open

Suggestion: use Dependabot to keep dependencies up-to-date #633

greysteil opened this issue Aug 19, 2018 · 0 comments

Comments

@greysteil
Copy link

Hey @leekinney,

First up, thanks for all your work on GDI. You are awesome, and so are the rest of the team .Consistently so impressed by what you do.

I noticed some out-of-date dependencies in the Gemfile and Gemfile.lock for this repo, and some of them are insecure (sprockets and nokogiri are the two I immediately noticed). Would you be up for using a tool I built to keep them up-to-date automatically? It's called Dependabot, is totally free for open source, and shouldn't take more than 30 seconds to get set up. You can run it in "security updates only" mode, or use it to create PRs any time there's any kind of update available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant