dependabot-core
CodeTriage
Our great sponsors
dependabot-core | CodeTriage | |
---|---|---|
30 | 80 | |
3,858 | 1,377 | |
2.1% | 0.7% | |
10.0 | 7.4 | |
4 days ago | 4 months ago | |
Ruby | Ruby | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dependabot-core
-
Why I recommend Renovate over any other dependency update tools
Oh yes, https://github.com/dependabot/dependabot-core/issues/3253. I wouldn't go so far as saying it was locked because it was too uncivil, mostly just because "additional commentary wasn't adding value" ;)
Your read on the situation is spot on, and no, it doesn't look like it's been "fixed" (mostly because "fixing it would re-introduce the same potential vulnerability).
-
Storybook 8
Storybook is great and all, but these days nearly every Dependabot alert I get is about a sub-dependency of Storybook. Since Dependabot doesn't currently allow you to ignore dev dependencies and only check production dependencies [0], this makes Storybook a Big Noise Generator and every time I dismiss another alert from it, I can't help but wonder if there's a better option out there.
[0] https://github.com/dependabot/dependabot-core/issues/2521
-
Keeping dependencies in your GitHub projects up-to-date with Dependabot
P.S. While this being a powerful and handy tool itself, it is only a part of Dependabotâs capabilities. If you are interested, youâll find more about them in the GitHub docs.
-
How to Manage Helm Chart Dependency Versions?
Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.
-
Dependabot vs RenovateBot
- https://github.com/dependabot/dependabot-core
-
Introducing Bld: A New Pure Java Build System
An important point is that this kind of metadata often needs to be accessible from outside the build system itself. You need that for example in order to integration with renovate-bot or github's dependabot, to check your dependencies against CVEs, to build SBOMs and various other additional tasks that are not part of the build itself, but related to the build's metadata. This is all functionality I don't want to reimplement, I want to use what's already out there. And for that the build system needs to have some minimum amount of compatibility with existing standard metadata files like pom.xml or build.gradle
-
OpenAI, MinIO, And Why You Should Always Use docker-cli-scan To Keep Your Supply chAIn Clean
To avoid any potential data breaches, it is recommended that users upgrade to a patched version of MinIO (RELEASE.2023-03-20T20-16-18Z) and integrate security tooling such as docker-cli-scan or use Githubâs built-in monitoring for supply chain vulnerabilities, which already contains a record referencing this vulnerability.
-
OCI Helm chat repo with common apps
I recognize that it does not handle chart updates, but it's might still ease the burden of applying minor releases easily etc. For the chart versions themselves, unfortunately dependabot does not support this and will not, but something like renovatebot does. Could be worth looking into as a dual approach
-
Private profiles are now generally available on GitHub
Disclosure: Renovate author
Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.
Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE...
-
We use Dependabot to secure GitHub
Waiting for Yarn v2/v3 support in Dependabot has been a saga.
https://github.com/dependabot/dependabot-core/issues/1297
CodeTriage
- Ask HN: Anyone looking for contributors for their open source projects
-
đź 50 Tips to Land a Remote Tech Job Based on My 45-Day Journey to 2 Offers
3. Open Source Contribution
-
Docs Deserve More Respect
I wrote a book with a chapter on how to write docs for other peopleâs code https://howtoopensource.dev
I also wrote an open source tool for writing and testing tutorials https://github.com/zombocom/rundoc and another that will email you undocumented methods of open source code so you can practice writing documentation https://www.codetriage.com/.
-
Where to Find Open Source Projects for Contribution?
CodeTriage helps you contribute to open source by âpicking a handful of open issues and delivering them directly to your inboxâ. (Source: CodeTriage)
- Ask HN: Whatâs the best way to start contributing to Open Source?
-
Idea for project for intermediate c developper
Here are open source projects listed https://www.codetriage.com/ You can filter for "C".
-
Cookpad to discontinue Ruby interpreter development - let's help Koichi and Mame land a new job or support them via GH sponsors
The biggest untaped potential (IMHO) is not one company funding 1 full time maintainer, but EVERY company allowing and encouraging EVERY developer to help and work with open source. This was the basis of my web app https://www.codetriage.com/. I have a chapter on it in my book How to Open Source (https://howtoopensource.dev/), and I talked to Yehuda about it for about an hour after my last talk at Philly ETE.
-
What do i do to become hireable?
You can also use websites like up-for-grabs, goodfirstissue, or CodeTriage to find projects with open issues. Find one that looks easy or interesting to you and comment on it, asking if you can take a shot at it.
-
Student looking to contribute to open source
I recommend these resources to help you contribute https://www.codetriage.com/ (free) and https://howtoopensource.dev/ (paid). DM if you canât afford a copy.
- Are there any open source projects on Github that a person can get involved in if they want to start helping with coding projects? I was thinking if a person wanted to get some credit for coding something that actually got implemented in a project?
What are some alternatives?
renovate - Universal dependency automation tool.
first-contributions - đ⨠Help beginners to contribute to open source projects
gradle-versions-plugin - Gradle plugin to discover dependency updates
Cataclysm-DDA - Cataclysm - Dark Days Ahead. A turn-based survival game set in a post-apocalyptic world.
fetch-metadata - Extract information about the dependencies being updated by a Dependabot-generated PR.
awesome-for-beginners - A list of awesome beginners-friendly projects.
dockerfile-samples - Dockerfile samples to make your life easier
htop - htop - an interactive process viewer
licensed - A Ruby gem to cache and verify the licenses of dependencies
good-first-issue - Make your first open-source contribution.
chaskiq - A full featured Live Chat, Support & Marketing platform, alternative to Intercom, Drift, Crisp, etc from cience.com
Open-Source-Ruby-and-Rails-Apps - Awesome Ruby and Rails Open Source applications đ