Super Impressed with GitHub Dependabot

Yet another reason I see nothing wrong with Microsoft taking over GitHub is that there have been a lot of developer-centric improvements with GitHub as a platform that were never envisioned for Git itself. One of them is Dependabot. For the higher-profile libraries (like the YAML one here) I get nice analysis that suggests I fix things. I even get this wonderful notification during my commit (because I don’t read the emails).

Enumerating objects: 11, done.
Counting objects: 100% (11/11), done.
Compressing objects: 100% (6/6), done.
Writing objects: 100% (6/6), 2.85 KiB | 971.00 KiB/s, done.
Total 6 (delta 5), reused 0 (delta 0)
remote: Resolving deltas: 100% (5/5), completed with 5 local objects.
remote:
remote: GitHub found 1 vulnerability on rwxrob/web's default branch (1 moderate). To find out more, visit:
remote:      https://github.com/rwxrob/web/security/dependabot/1
remote:
To github.com:rwxrob/web.git
   2f60f96..3b86232  main -> main

Bravo GitHub! This is amazing. Thanks for all you do to improve open source development for everyone and make the world a better/safer place.

#github #dependabot