I’m having trouble staying on top of updates for my self hosted applications and infrastructure. Not everything has auto updates baked in and some things you may not want to auto update. How do y’all handle this? How do you keep track of vulnerabilities? Are there e.g. feeds for specific applications I can subscribe to via RSS or email?

  • just_another_person@lemmy.worldEnglish
    12·
    23 hours ago

    Well a PR means an upstream fix for the project. If you want to scan all your local running things, by all means change whatever you want, but it will just be potentially wiped out by the tool you mentioned if running.

      • just_another_person@lemmy.worldEnglish
        12·
        22 hours ago

        I’m aware, but then you mentioned “manual changes”, which connotes “local changes”. Putting up a PR with changes isn’t considered a manual anything.

        • Eager Eagle@lemmy.worldEnglish
          1·
          22 hours ago

          “manual changes”, which connotes “local changes”

          It doesn’t. Manual as in a PR with upgrades that you’re suggesting yourself, as opposed to running dependabot.

          Putting up a PR with changes isn’t considered a manual anything.

          If I have to open a PR myself, that’s very much a manual change.

          • just_another_person@lemmy.worldEnglish
            12·
            22 hours ago

            I don’t even know what you’re talking about now, so I’m going to stop responding. If Dependabot was already enabled for a project, you probably wouldn’t need to worry, so that negates this entire thread. 🙄

            • Eager Eagle@lemmy.worldEnglish
              1·
              22 hours ago

              exactly my point, I’d suggest automating that before I bothered with PRs that upgrade versions, as it’s a waste of time.