I’m having trouble staying on top of updates for my self hosted applications and infrastructure. Not everything has auto updates baked in and some things you may not want to auto update. How do y’all handle this? How do you keep track of vulnerabilities? Are there e.g. feeds for specific applications I can subscribe to via RSS or email?
Removed by mod
That may work for a handful of projects. It’d be my full time job if I did it for everything I run. Also, I might simply suggest maintainers to adopt dependabot or an alternative before I spend time with manual changes. These things should be automated.
Removed by mod
dependabot is a tool for repos, not to apply local changes
Removed by mod
It doesn’t. Manual as in a PR with upgrades that you’re suggesting yourself, as opposed to running dependabot.
If I have to open a PR myself, that’s very much a manual change.
Removed by mod
exactly my point, I’d suggest automating that before I bothered with PRs that upgrade versions, as it’s a waste of time.