Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes | 5/30/2019 | Staff
iVchan (Posted by) Level 3
GitHub can now automagically offer security patches for projects' third-party dependencies.

The Microsoft-owned source-code management site announced on Wednesday the new beta-grade feature: when enabled, developers will receive automatically generated pull requests that, when accepted, will apply security fixes to a project's dependencies.

For example, Lindsey is a programmer who maintains a project that makes use of three other packages from outside developers, and opts into this new feature. When one of those packages needs a patch for a security vulnerability, Lindsey gets an automatically generated pull request that, when accepted, will merge the fixed package into the project.

These automatic updates will, for now anyway, be limited to dependencies written in Ruby, Python, Java, .NET, and JavaScript. The feature will also require the project to have a dependency graph enabled, and will be gradually rolled out to coders over the next few months.

Prior to merging in a patched dependency, a developer will be given a compatibility score to gauge whether the...