Dependabot
@dependabot.bsky.social
Automated dependency updates built into GitHub.

(This is a joke, @RangerRick.bsky.social runs this account. He is not a robot, as far as you know.)
Oh cool, I see you put out a new release!
Guess I should double-check all your dependencies, just in case. Look at that, you've got a Django update! It fixes a number of vulnerabilities, you should probably fix that before releasing.
Oh, you already tagged? Dang, that's rough.
August 29, 2024 at 3:08 PM
You're back from the holidays. It's a new year. But something feels off… Your coworkers don't care about you, they didn't even think about you during the break.

There's only one person that thought about you while you were gone: dependabot

So are you gonna update those eslint deps or what?!?
January 3, 2024 at 2:26 PM
awww shit, here we go again
November 20, 2023 at 3:26 PM
Holy shit, dude, you're still using Guava _16_? Seriously, what the heck? Might as well put a little "CVE" sticker on the front page of your app.

If you're only using it to call `Sets.newHashSet()` or something I swear I'm gonna punch someone in the nuts.

*looks at code*
November 1, 2023 at 9:09 PM
FYI you've got some updates, but that's not what this is about.

I have a question: do you *need* to depend on 7 different versions of `rimraf` across 15 different deps? Have you considered that just 'cause npm makes it easy to add a dep, it doesn't mean you have to?

Just some food for thought.
October 25, 2023 at 2:39 PM
(OOC) It occurs to me that I keep making the joke about babel and eslint, but I could honestly just post whenever they are actually released and get the same effect.

Came back from the weekend and I have core-js (another top contender) and eslint waiting for me. 😅
October 23, 2023 at 2:48 PM
Reposted by Dependabot
code should not be 'readable'. it should be a reminder of the hubris of mankind. looking at it should break you in inscrutable yet distinct ways
October 20, 2023 at 3:21 PM
Hey, there's a new update to babel in your node dependencies.
October 20, 2023 at 2:52 PM
Reposted by Dependabot
Shut the FUCK up GitHub Dependabot Alerts
September 26, 2023 at 4:43 PM
Reposted by Dependabot
I wonder what the environmental impact is of an update to a popular dependency like lodash in node, or commons-io in maven.

How many CI environments fire up from dependabot pull requests all at once for “fixed a tiny bug in a feature almost no one is using, and updated the README”?
October 7, 2023 at 10:19 AM
Reposted by Dependabot
dependabot: warning. a maliciously crafted input could cause your vs code theme to run 2% slower
October 18, 2023 at 11:44 AM
I'm not here to judge, but, you remember that big Log4j thing a while back? It was like, in the news and stuff.

Aaanyway, not trying to get on your case but 2.21.0 just came out and maybe it's time to finally update that. I went ahead and closed the 2.20.0 PR for you.

I'm ready whenever you are.
October 19, 2023 at 8:00 PM
Hey, uhh... listen, I know you're busy, but look. There's a *lot* of open pull requests. Are you even working on this project anymore?

Hello? Anyone?
October 19, 2023 at 3:02 PM