Is it possible to use Dependabot to keep dependencys up to date? Or alternatively Renovatebot is also an option.
Hello,
We do have dependabot alerts activated on our github mirrored repo, and once we get to a production-ready state we will add a step in our pipeline to check for dependencies vulnerability.
For now we do regular updates of our dependencies and we prefer to do that manually anyway as it guaranties accountability to check that nothing breaks or becomes deprecated.
Thanks!