GitHub can now automagically offer security patches for projects' third-party dependencies.
The Microsoft-owned source-code management site announced on Wednesday the new beta-grade feature: when enabled, developers will receive automatically generated pull requests that, when accepted, will apply security fixes to a project's dependencies.
For example, Lindsey is a programmer who maintains a project that makes use of three other packages from outside developers, and opts into this new feature. When one of those packages needs a patch for a security vulnerability, Lindsey gets an automatically generated pull request that, when accepted, will merge the fixed package into the project.
Prior to merging in a patched dependency, a developer will be given a compatibility score to gauge whether the...