Can't wait for chatbots to start writing unit tests and Pull Requests for me.
Chatbot: DRY this code for me.
@Br3nda Dependabot is already bad enough
@mcc what do you mean? Dependabot has been great.
@Br3nda My experience of Dependabot has been:
- I have 2-3 old JS repos which build webapps using WebPack.
- Webpack necessarily has many dependencies.
- EVERY TIME one of those has a security flaw, Dependabot makes a PR to 3 dead repos.
- But upgrading wouldn't help me, because *the security flaw isn't in my app*, it's in WebPack, which means it no longer matters by the time my app is running.
@Powareverb @Br3nda it's a thing to be worried about but nevertheless given this exact known situation I am not going to merge, close, or otherwise acknowledge those PRs, ever
@mcc @Powareverb Meh. If there's a published security flaw in a dev tool I still want to patch it. The automation of it has been great.
@Br3nda @Powareverb For example, I have this repository where each branch is a one-off demonstration of a bug I submitted to an issue in another GitHub repository. It is there for archival purposes, not to be run, and patching any given branch is sorta pointless since often I link to specific commits, not branches. https://github.com/mcclure/ts-hello-bug
@mcc @Powareverb okay, so why did you turn on Dependabot on that?
@Br3nda @Powareverb To my knowledge I have never turned on Dependabot. It's just on for some repositories.
I guess I could turn it off, but I never bothered to look up how until we had this conversation forcing me to think about it for longer than a half-second of irritation.
@Br3nda
“Did stuff”
+ 172: thingTest: pass()