Received 4 GitHub Dependabot security pull requests.
In GitHub, the Files changed tab shows that only Gemfile.lock has changed. This means the version constraints in the Gemfile are flexible enough to allow the update, so when Bundler runs it can resolve the newer version, install it and update Gemfile.lock accordingly.
Merging the pull request (the one for Brakeman, for example) is therefore broadly equivalent to running locally:
$ bundle update brakeman
Having merged all 4 PRs, I ran locally:
$ git pull origin main
$ bundle
This brings the local and remote repos in line.
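To check the "only Gemfile.lock changed" reasoning before merging, the following added example (not part of the original note) compares two lockfiles with Bundler's `Bundler::LockfileParser`, lists every gem whose locked version moved, and confirms the new version still satisfies the requirement recorded under DEPENDENCIES. The lockfile contents and the helper names (`locked_versions`, `declared_requirements`, `review_bump`) are constructed for illustration.

```ruby
require "bundler"

# Constructed sample: BEFORE is the base branch lockfile, AFTER is what a
# Dependabot PR would propose. Neither comes from the original note.
BEFORE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      brakeman (5.4.0)
      rack (2.2.6)

  PLATFORMS
    ruby

  DEPENDENCIES
    brakeman (~> 5.0)
    rack
LOCK
AFTER = BEFORE.sub("brakeman (5.4.0)", "brakeman (5.4.1)")

# Gem name => locked Gem::Version, taken from the specs section.
def locked_versions(lock_text)
  Bundler::LockfileParser.new(lock_text).specs.to_h { |s| [s.name, s.version] }
end

# Gem name => Gem::Requirement as recorded under DEPENDENCIES (direct gems only).
def declared_requirements(lock_text)
  deps = Bundler::LockfileParser.new(lock_text).dependencies
  deps = deps.values if deps.is_a?(Hash) # Hash in current Bundler, Array in old ones
  deps.to_h { |d| [d.name, d.requirement] }
end

# One entry per gem whose locked version differs between the two lockfiles.
# :allowed is false when the new version falls outside the declared requirement,
# which means the Gemfile itself would have had to change as well.
def review_bump(before, after)
  was = locked_versions(before)
  now = locked_versions(after)
  reqs = declared_requirements(after)
  changed = (was.keys | now.keys).sort.reject { |n| was[n] == now[n] }
  changed.map do |name|
    req = reqs[name]
    ok = req.nil? || now[name].nil? || req.satisfied_by?(now[name])
    { name: name, from: was[name]&.to_s, to: now[name]&.to_s,
      direct: !req.nil?, allowed: ok }
  end
end

review_bump(BEFORE, AFTER).each { |c| puts c }
```

Run against the real files, `BEFORE` and `AFTER` would be the contents of Gemfile.lock on the base branch and on the PR branch.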