I’ve used dependabot but I don’t think it’s enough. Yes it submits PRs but if the fix is not something in your dependencies directly, then it doesn’t help much. Plus, there are some issues that dependabot doesn’t catch for some reason.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I’ve used dependabot but I don’t think it’s enough. Yes it submits PRs but if the fix is not something in your dependencies directly, then it doesn’t help much. Plus, there are some issues that dependabot doesn’t catch for some reason.