I’m having trouble staying on top of updates for my self hosted applications and infrastructure. Not everything has auto updates baked in and some things you may not want to auto update. How do y’all handle this? How do you keep track of vulnerabilities? Are there e.g. feeds for specific applications I can subscribe to via RSS or email?

  • Eager Eagle
    link
    fedilink
    English
    02 months ago

    dependabot is a tool for repos, not to apply local changes

    • @just_another_person@lemmy.world
      link
      fedilink
      English
      02 months ago

      I’m aware, but then you mentioned “manual changes”, which connotes “local changes”. Putting up a PR with changes isn’t considered a manual anything.

      • Eager Eagle
        link
        fedilink
        English
        02 months ago

        “manual changes”, which connotes “local changes”

        It doesn’t. Manual as in a PR with upgrades that you’re suggesting yourself, as opposed to running dependabot.

        Putting up a PR with changes isn’t considered a manual anything.

        If I have to open a PR myself, that’s very much a manual change.

        • @just_another_person@lemmy.world
          link
          fedilink
          English
          02 months ago

          I don’t even know what you’re talking about now, so I’m going to stop responding. If Dependabot was already enabled for a project, you probably wouldn’t need to worry, so that negates this entire thread. 🙄