DEV Community

Discussion on: Pushing Left, Like a Boss — Part 5.2 — Use Safe Dependencies

Frank Köhntopp (koehntopp)

dependabot.com/ is worth mentioning - it auto-creates pull requests for new versions.

Security is not the only driver; there are a lot of commits making your packages better all the time that you don't want to miss. Applying updates regularly also makes sure you know what you need to do should you need to quickly update in case of a new critical vulnerability.

I have watched developers struggle to update from 5 year old versions, it's not a pretty sight ;)
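For readers who want to try what Frank describes, here is a minimal `.github/dependabot.yml` that tells Dependabot to open version-update pull requests. This is an added illustration, not part of Frank's comment or of the article; the ecosystem (`npm`), directory, schedule and PR limit are assumptions chosen for a typical JavaScript project and should be adjusted to your repository.

```yaml
# .github/dependabot.yml (example configuration, not from the original comment)
version: 2
updates:
  # Assumed ecosystem: a Node project whose package.json lives at the repo root.
  - package-ecosystem: "npm"
    directory: "/"
    # Weekly checks keep the diff per update small, which is the point Frank makes:
    # many small, routine updates beat one painful jump across several major versions.
    schedule:
      interval: "weekly"
    # Cap concurrent PRs so a backlog of updates does not flood the review queue.
    open-pull-requests-limit: 5
```

Commit this file to the default branch; Dependabot then opens a pull request for each outdated dependency it finds on the next scheduled run, and continuous integration on those PRs is where you learn early whether an upgrade breaks anything, rather than under time pressure when a critical fix lands.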

Tanya Janca (shehackspurple), Author

I've added Dependabot, nice! And I agree, 100%!