Supply chain securityGitLab tries to auto-fix the transitive-dep problem it keeps quantifying
GitLab has moved Dependency Scanning Auto-Remediation into beta, aimed squarely at the transitive supply-chain risk it just spent a research cycle measuring. The interesting question is not whether the fix ships, but whether anyone downstream trusts the bot enough to merge it.