Liked Filippo Valsorda (@filippo@abyssdomain.expert)
Dependabot security alerts have terrible signal-to-noise ratio, especially for Go vulnerabilities. That hurts security! Just turn it off and set up a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies. Less work, less risk, better results! https://words.filippo.io/dependabot/?source=Mastodon

This post was filed under likes.
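
The setup the liked post recommends could look like the following workflow. This is an added sketch, not taken from the post or the linked article: the file name, schedule, job names and the choice to put both checks in one workflow as two jobs (the post speaks of a pair of Actions) are assumptions.

```yaml
# .github/workflows/scheduled-checks.yml (hypothetical file name)
name: scheduled-dependency-checks

on:
  schedule:
    - cron: "23 6 * * *"    # once a day; the time is an arbitrary choice
  workflow_dispatch: {}       # allow manual runs as well

# Read-only token: neither job needs to write to the repository.
permissions:
  contents: read

jobs:
  # Job 1: report known vulnerabilities in the module and its dependencies.
  govulncheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      - name: Run govulncheck
        # A non-zero exit from govulncheck fails the job.
        run: |
          go install golang.org/x/vuln/cmd/govulncheck@latest
          govulncheck ./...

  # Job 2: run the test suite against the latest versions of all dependencies.
  test-latest-deps:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: actions/setup-go@v5
        with:
          go-version: stable
      - name: Upgrade dependencies in the working copy only
        # Nothing is committed or pushed; go.mod changes are discarded with the runner.
        run: go get -u -t ./...
      - name: Run tests against the upgraded dependencies
        run: go test ./...
```

The action references use version tags for readability; pinning them to full commit SHAs is the stricter option.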
