This is exactly how developers of malware want you to behave. Update without really thinking about it.
I do wonder how long it will take before an attack is developed by submitting a semi-genuine vulnerability, shortly followed by a ‘fix’ including malicious code.
Dependency cooldowns fix most of those problems.
The cooldown setting in Dependabot solves this attack vector. By setting it, you give security vendors time to scan new packages.
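An added example of such a configuration (not from any commenter): a `dependabot.yml` fragment that delays updates so newly published versions can be scanned first, assuming the `cooldown` key names as documented by GitHub; the day counts are illustrative.

```yaml
# .github/dependabot.yml (illustrative; key names assumed from GitHub's docs)
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    # Do not propose a version until it has been published for the given
    # number of days, giving scanners and the community time to flag a
    # malicious release before it is pulled in automatically.
    cooldown:
      default-days: 7          # fallback for ecosystems without semver info
      semver-major-days: 30    # larger changes get a longer waiting period
      semver-minor-days: 14
      semver-patch-days: 7     # even "patch" releases wait, since malicious
                               # versions are usually published as patches
      include:
        - "*"                  # apply the cooldown to every dependency
      exclude:
        - "@example/internal-lib"   # placeholder: a package you publish yourself
```

Security advisories are handled separately from cooldowns, so a known-vulnerable version still gets a prompt update PR.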