DEV Community

Discussion on: Pushing Left, Like a Boss — Part 5.2 — Use Safe Dependencies

Frank Köhntopp

is worth mentioning - it auto-creates pull requests for new versions.

Security is not the only driver; there are a lot of commits making your packages better all the time that you don't want to miss. Applying updates regularly also makes sure you know what you need to do should you need to quickly update in case of a new critical vulnerability.

I have watched developers struggle to update from 5-year-old versions; it's not a pretty sight ;)

Tanya Janca Author

I've added Dependabot, nice! And I agree, 100%!