Turn Dependabot Off

words.filippo.io

I recommend turning Dependabot off and replacing it with a pair of scheduled GitHub Actions, one running govulncheck, and the other running CI against the latest version of your dependencies.

5 pages link to this URL

Releases · caddyserver/caddy

GitHub Caddyserver May 12, 2026

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS - caddyserver/caddy

5 inbound links object en repository:29207621

Every dependency you add is a supply chain attack waiting to happen

benhoyt.com Ben Hoyt Jan 1, 2026

Dependencies are a huge supply chain security risk; the more of them you have, and the more often you update, the bigger the attack surface.

0 inbound links en

Wallabako retirement and Readeck adoption

anarc.at Mar 5, 2026

anarcat

0 inbound links website en

Seth Michael Larson

sethmlarson.dev Seth Michael Larson May 27, 2024

Python, open source, and the internet

1 inbound link article en python pypi open source maintainer urllib3 requests http networking security oss

Long Links

Ongoing By Tim Bray Tim Bray Mar 24, 2026

1 inbound link website en