Taming Dependabot
Explore how to tame Dependabot for managing software dependencies efficiently. Understand its integration with CI tools like Jenkins and CircleCI, and learn strategies to handle automatic pull requests and updates to keep projects secure and current.
Overview
In this lesson, we'll discuss how the author worked with Dependabot during their career and go through some key points of working with it.
Author's words about Dependabot
Author's Note
When I started developing in Delphi, the number of dependencies taken on was significantly lower and slower moving than in modern JavaScript development. Back then, a project would typically have one or two custom libraries added to the Visual Component Library (VCL), and everything else was custom-built. These libraries may have been updated every year but could typically be left alone for two or three years. It was fairly straightforward to keep them up to date, provided that the supplier stayed in business.
Contrast the anecdote above to a Node application—built with the React Starter Kit—which has over 2000 node modules as dependencies. These are continually being updated, and new ...