dependabot-core VS Discourse

Oh yes, https://github.com/dependabot/dependabot-core/issues/3253. I wouldn't go so far as saying it was locked because it was too uncivil, mostly just because "additional commentary wasn't adding value" ;)

Your read on the situation is spot on, and no, it doesn't look like it's been "fixed" (mostly because "fixing it would re-introduce the same potential vulnerability).

Storybook is great and all, but these days nearly every Dependabot alert I get is about a sub-dependency of Storybook. Since Dependabot doesn't currently allow you to ignore dev dependencies and only check production dependencies [0], this makes Storybook a Big Noise Generator and every time I dismiss another alert from it, I can't help but wonder if there's a better option out there.

[0] https://github.com/dependabot/dependabot-core/issues/2521

P.S. While this being a powerful and handy tool itself, it is only a part of Dependabot’s capabilities. If you are interested, you’ll find more about them in the GitHub docs.

Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.

- https://github.com/dependabot/dependabot-core

An important point is that this kind of metadata often needs to be accessible from outside the build system itself. You need that for example in order to integration with renovate-bot or github's dependabot, to check your dependencies against CVEs, to build SBOMs and various other additional tasks that are not part of the build itself, but related to the build's metadata. This is all functionality I don't want to reimplement, I want to use what's already out there. And for that the build system needs to have some minimum amount of compatibility with existing standard metadata files like pom.xml or build.gradle

To avoid any potential data breaches, it is recommended that users upgrade to a patched version of MinIO (RELEASE.2023-03-20T20-16-18Z) and integrate security tooling such as docker-cli-scan or use Github’s built-in monitoring for supply chain vulnerabilities, which already contains a record referencing this vulnerability.

I recognize that it does not handle chart updates, but it's might still ease the burden of applying minor releases easily etc. For the chart versions themselves, unfortunately dependabot does not support this and will not, but something like renovatebot does. Could be worth looking into as a dual approach

Disclosure: Renovate author

Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.

Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE...

Waiting for Yarn v2/v3 support in Dependabot has been a saga.

https://github.com/dependabot/dependabot-core/issues/1297

> Tell me another platform that is free, has realtime chat, voice and video, has stable service, allows sharing images and other media, with good ownership management... and is open source.

Mattermost: https://mattermost.com/

Rocket.Chat: https://www.rocket.chat/

Nextcloud Talk: https://nextcloud.com/talk/

Self hosting and some assembly required. I've run all of them on cheap VPSes to explore a Slack/Discord replacement, neither was mindblowing but all of them seemed okay (Nextcloud's offering was rather barebones, though).

Audio and video support varies because getting those right is challenging, at best you'd just integrate with something like Jitsi, that one's actually pretty good for meetings and such: https://jitsi.org/ and has a cloud version too: https://meet.jit.si/ (yet people still go for Zoom and it's odd UI/UX choices)

I actually rather liked forums back in the day, but I guess nobody will be setting up that many phpBB instances in the current year, though projects like Discourse also seem promising: https://www.discourse.org/

I don't think many people at all will be leaving Discord, due to how entrenched the platform is (network effect): if you want people to help you with what you're working on, you go where they are, not vice versa.

Discourse is also open source https://github.com/discourse/discourse

I disagree. Lots of communities, e.g. Julia or Stan, use https://www.discourse.org. Discourse is GPL2 and emulates old Internet forums.

Why isn't Discourse being listed here for forum software? It's open source and designed for modern communities. https://www.discourse.org/

Discourse is open source: https://github.com/discourse/discourse

You could hook it up to a mail provider and can host it yourself for less if you wanted.

I was reading mastodon.social's privacy policy, and noticed that the link at the bottom to Discourse's privacy policy links to Discourse's Github. I'm surprised because I thought it would be the privacy policy on discourse.org.

Yep. Any platform run by someone else can kick you off for any reason, and time.

You should consider looking into running discourse, which is a modernized forum software: https://github.com/discourse/discourse

Nice examples of what it looks like:

https://discourse.nixos.org/

https://forum.level1techs.com/

As a bonus, the content and community will be accessible to search engines, so it’s easy to find answers to problems that gave been already been addressed.

In general, consider combining the two, where discourse is the anchor of the community that can’t be yanked out from under you, while discord is the one that sells the data from your players in exchange for free voice and text chat.

It’s also possible to enable logging in with discord credentials https://meta.discourse.org/t/configure-discord-login-for-dis...

As well as pushing content from discord to discourse so it’s not hidden and losable: https://blog.discourse.org/2021/05/discord-and-discourse-bet...

So, I'm asking myself if you would be interested in joining a good old-fashioned forum (probably using discourse as software) in order to communicate with other gifted people around the globe. And please add any ideas you might have for a platform like this.