Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes


GitHub can now automagically offer security patches for projects’ third-party dependencies.

The Microsoft-owned source-code management site announced on Wednesday the new beta-grade feature: when enabled, developers will receive automatically generated pull requests that, when accepted, will apply security fixes to a project’s dependencies.

For example, Lindsey is a programmer who maintains a project that makes use of three other packages from outside developers, and opts into this new feature. When one of those packages needs a patch for a security vulnerability, Lindsey gets an automatically generated pull request that, when accepted, will merge the fixed package into the project.
