dependabot-core
Symfony
Our great sponsors
dependabot-core | Symfony | |
---|---|---|
29 | 151 | |
3,805 | 29,192 | |
2.0% | 0.6% | |
10.0 | 10.0 | |
5 days ago | 5 days ago | |
Ruby | PHP | |
GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dependabot-core
-
Storybook 8
Storybook is great and all, but these days nearly every Dependabot alert I get is about a sub-dependency of Storybook. Since Dependabot doesn't currently allow you to ignore dev dependencies and only check production dependencies [0], this makes Storybook a Big Noise Generator and every time I dismiss another alert from it, I can't help but wonder if there's a better option out there.
[0] https://github.com/dependabot/dependabot-core/issues/2521
-
Keeping dependencies in your GitHub projects up-to-date with Dependabot
P.S. While this being a powerful and handy tool itself, it is only a part of Dependabot’s capabilities. If you are interested, you’ll find more about them in the GitHub docs.
-
How to Manage Helm Chart Dependency Versions?
Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.
-
Dependabot vs RenovateBot
- https://github.com/dependabot/dependabot-core
-
Introducing Bld: A New Pure Java Build System
An important point is that this kind of metadata often needs to be accessible from outside the build system itself. You need that for example in order to integration with renovate-bot or github's dependabot, to check your dependencies against CVEs, to build SBOMs and various other additional tasks that are not part of the build itself, but related to the build's metadata. This is all functionality I don't want to reimplement, I want to use what's already out there. And for that the build system needs to have some minimum amount of compatibility with existing standard metadata files like pom.xml or build.gradle
-
OpenAI, MinIO, And Why You Should Always Use docker-cli-scan To Keep Your Supply chAIn Clean
To avoid any potential data breaches, it is recommended that users upgrade to a patched version of MinIO (RELEASE.2023-03-20T20-16-18Z) and integrate security tooling such as docker-cli-scan or use Github’s built-in monitoring for supply chain vulnerabilities, which already contains a record referencing this vulnerability.
-
OCI Helm chat repo with common apps
I recognize that it does not handle chart updates, but it's might still ease the burden of applying minor releases easily etc. For the chart versions themselves, unfortunately dependabot does not support this and will not, but something like renovatebot does. Could be worth looking into as a dual approach
-
Private profiles are now generally available on GitHub
Disclosure: Renovate author
Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.
Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE...
-
We use Dependabot to secure GitHub
I very much appreciate Dependabot! I like how it can pick up dependencies in interesting places.
For example, the Globus @ Stanford web site (https://globus.stanford.edu) uses GitHub Pages (repo at https://github.com/stanford-rc/globus.stanford.edu). I have a Gemfile in the repo: When I want to test changes locally, I use Bundler to install everything I need, and to launch Jekyll. Even though the Gemfile isn't used 'in production', Dependabot still warns me, so that I don't run older, vulnerable software on my laptop.
At the same time, I can't be sure if Dependabot is picking up dependencies for my Python project.
In my latest project (https://github.com/stanford-rc/globus-group-manager), I'm using pyproject.toml to hold all of the Python dependencies for the project, something that Setuptools is now supporting experimentally (woot!). I've configured Dependabot, and it has picked up my repo's `pyproject.toml` file, but I can't tell if it has actually cataloged my Python dependencies.
Looking around the web also does not give me a clear answer. For example, https://github.com/dependabot/feedback/issues/57 is titled "pyproject.toml support", but it refers specifically to Poetry (and indeed, Poetry v1 is listed as supported at https://docs.github.com/en/code-security/dependabot/dependab...). But Setuptools is not.
https://github.community/t//2576 asks about Setuptools support, and has been pretty dormant. I thought setup.cfg was supported after https://github.com/dependabot/dependabot-core/pull/3423, but another project of mine (https://github.com/stanford-rc/mais-apis-python/network/depe...) doesn't show anything for setup.cfg.
> This plus the fact that Dependabot is not able to update Docker Compose files at this time.
https://github.com/dependabot/dependabot-core/issues/390 upvote and/or implement it as a fork and run it in an Action.
> The other problem that I have is there is no easy way (probably for good reason due to potential abuse) to manually trigger Dependabot. So Dependabot might run once a day or not do so for quite a while.
There is, it's just hidden in https://github.com/:org/:repo/network/updates > click "last updated ..." and then click "Check for Updates" and it'll start a manual run.
Symfony
-
Top 12 PHP Frameworks For Web Development in 2024
Symfony is an open-source PHP framework developed by SensioLabs which has a thriving community of over 300,000 developers with 29k stars and 9.4k forks on GitHub. It provides a set of reusable PHP components and a development methodology for building complex and scalable web applications. It is recommended due to its advanced features and user-friendly environment. The user can also develop microservices.
-
Performance benchmark of PHP runtimes
Symfony 7
-
Show HN: Mutable.ai – Turn your codebase into a Wiki
Would be great to see for https://github.com/symfony/symfony, thanks! As that's a monorepo it may provide a challenge to the tool.
-
Shopware Changes since the 6.0 Dev Training Videos
As Shopware is mostly based on the Symfony framework, which is in turn based on the PHP language, we should also consider learning about the basics, which will also be useful for other frameworks apart from Shopware, like Symfonycasts, symfony.com, php.net.
-
Acquia, My Drupal Startup
Symfony is a PHP framework. https://symfony.com/
It caused much of the internal of Drupal to be re-written. This included how it was extended. With previous major versions you learned about new features and APIs. They followed mostly existing design patterns so it was easy to learn and updates your extensions for. With Symfony you had to learn whole new systems and ways of doing things. It was like learning something entirely new. And, porting extensions to it was far more work and time.
Also, the updates made Drupal slower while consuming far more system resources for the same thing. This increased costs to operate.
-
Drupal 10.1 On OpenBSD 7.3: Install with Composer
Drupal is one of the content management systems aka CMS. It has long history and good stability, which is based on PHP and Symfony.
-
Validating requests on Symfony Framework
Today Symfony is one of the most mature PHP frameworks in the world and because of this, it's used in various projects, including the APIs creation. Recently Symfony included various cool features, like mapping request data to typed objects, that appeared in version 6.3.
- Validando requests no Symfony Framework
-
30 Best Web Development Frameworks for 2023: A Comprehensive Guide
Symfony
- Como desenvolvi um backend web em Clojure
What are some alternatives?
renovate - Universal dependency automation tool.
PHPMailer - The classic email sending library for PHP
Swoole - 🚀 Coroutine-based concurrency library for PHP
Slim Framework - Slim is a PHP micro framework that helps you quickly write simple yet powerful web applications and APIs.
ProxiTok - Open source alternative frontend for TikTok made using PHP
Spiral Framework - High-Performance PHP Framework
tesseract-ocr-for-php - A wrapper to work with Tesseract OCR inside PHP.
Laravel - Laravel is a web application framework with expressive, elegant syntax. We’ve already laid the foundation for your next big idea — freeing you to create without sweating the small things.
HTML Purifier - Standards compliant HTML filter written in PHP
Phalcon - High performance, full-stack PHP framework delivered as a C extension.
Lumen - The Laravel Lumen Framework.
Ubiquity - Ubiquity framework