console
dependabot-core
console | dependabot-core | |
---|---|---|
11 | 30 | |
107 | 3,885 | |
10.3% | 1.7% | |
9.7 | 10.0 | |
2 days ago | 3 days ago | |
TypeScript | Ruby | |
Mozilla Public License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
console
-
Oxide Cloud Computer. No Cables. No Assembly. Just Cloud
>https://console-preview.oxide.computer/
That's pretty cool! The design language is a nice touch for sure.
-
Storybook 8
I've used Storybook during development for a while now and the use case you present is how the Storybook is pitched. I actually agree about the simplicity of discovering the components. What I disagree with, though, is that I can't see value of "develop & test your UI independently from your app" part. It forces me to decouple the state from a component and this in turn adds unnecessary complexity to the architecture.
I'm going to use Oxide console [1] as an example because it has a really good setup of MSW + OpenAPI autogenerated mocks (which means that it doesn't need any complete backend, just a defined contract).
Consider this fairly simple page [2]. If I'm using the Storybook pattern, I'm keeping all of the state outside of the component, which means I now have to manually memoize every single variable defined before the return to make sure that the component doesn't do any unnecessary re-renders. This includes `intervalPicker`, `commonProps`, `setFilterId`, every return of `useDateTimeRangePicker`. With MSW I have benefits not needing the API, testing in real production app, using the same exact mocks for unit tests and development.
[1]: https://github.com/oxidecomputer/console
[2]: https://github.com/oxidecomputer/console/blob/main/app/pages...
- Tailwind CSS v4.0.0 Alpha
-
Remix Vite Is Now Stable
SPA mode (what I assume you mean by BFF mode) is brand new, so almost nobody has used it. However, a close example would be the Oxide web console, which we build as an SPA because we want to serve it as static assets from a Rust backend. It's very close to your suggested stack: React + React Router + Tanstack query + zustand, though importantly we also use React Router's loaders to give the app a better-than-SPA feel on navigations. I do plan on moving it to Remix SPA mode when I get a chance, but like I said the result should be very similar so it's not that high a priority for me. If I were starting from scratch I'd probably use Remix SPA.
Repo: https://github.com/oxidecomputer/console/
Live demo here with in-browser MSW mock API: https://oxide-console-preview.vercel.app
-
Oxide: The Cloud Computer
VPS providers are nice, but they don't provide the same cloud-level capabilities that Oxide offers. Check out the console to get an idea of what I mean (this is a demo with mock data): https://oxide-console-preview.vercel.app/
-
Mock Service Worker(msw) releases 2.0
Yeah, basically. We do it with a function call where the argument to the function is that interface representing all the API endpoints. `makeHandlers` handles parsing path params, query params, and request body and passes them to each endpoint handler. So the runtime validation of request bodies is also generated — we generate a zod schema for each request body in the OpenAPI definition and use it to parse the actual request body that comes in.
big function call https://github.com/oxidecomputer/console/blob/bd65b9da7019ad...
automatic body parsing and argument passing: https://github.com/oxidecomputer/console/blob/bd65b9da7019ad...
When an endpoint gets added to the spec, we can rerun the generator and get type errors in the `makeHandlers` telling us endpdoints are missing.
dependabot-core
-
Why I recommend Renovate over any other dependency update tools
Oh yes, https://github.com/dependabot/dependabot-core/issues/3253. I wouldn't go so far as saying it was locked because it was too uncivil, mostly just because "additional commentary wasn't adding value" ;)
Your read on the situation is spot on, and no, it doesn't look like it's been "fixed" (mostly because "fixing it would re-introduce the same potential vulnerability).
-
Storybook 8
Storybook is great and all, but these days nearly every Dependabot alert I get is about a sub-dependency of Storybook. Since Dependabot doesn't currently allow you to ignore dev dependencies and only check production dependencies [0], this makes Storybook a Big Noise Generator and every time I dismiss another alert from it, I can't help but wonder if there's a better option out there.
[0] https://github.com/dependabot/dependabot-core/issues/2521
-
Keeping dependencies in your GitHub projects up-to-date with Dependabot
P.S. While this being a powerful and handy tool itself, it is only a part of Dependabot’s capabilities. If you are interested, you’ll find more about them in the GitHub docs.
-
How to Manage Helm Chart Dependency Versions?
Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.
-
Dependabot vs RenovateBot
- https://github.com/dependabot/dependabot-core
-
Introducing Bld: A New Pure Java Build System
An important point is that this kind of metadata often needs to be accessible from outside the build system itself. You need that for example in order to integration with renovate-bot or github's dependabot, to check your dependencies against CVEs, to build SBOMs and various other additional tasks that are not part of the build itself, but related to the build's metadata. This is all functionality I don't want to reimplement, I want to use what's already out there. And for that the build system needs to have some minimum amount of compatibility with existing standard metadata files like pom.xml or build.gradle
-
OpenAI, MinIO, And Why You Should Always Use docker-cli-scan To Keep Your Supply chAIn Clean
To avoid any potential data breaches, it is recommended that users upgrade to a patched version of MinIO (RELEASE.2023-03-20T20-16-18Z) and integrate security tooling such as docker-cli-scan or use Github’s built-in monitoring for supply chain vulnerabilities, which already contains a record referencing this vulnerability.
-
OCI Helm chat repo with common apps
I recognize that it does not handle chart updates, but it's might still ease the burden of applying minor releases easily etc. For the chart versions themselves, unfortunately dependabot does not support this and will not, but something like renovatebot does. Could be worth looking into as a dual approach
-
Private profiles are now generally available on GitHub
Disclosure: Renovate author
Renovate is indeed AGPL, but if you're just running it as a CLI, do you think there's anything to "watch out for"? It does not make any project you run it against AGPL, that's for sure.
Also you should be aware that dependabot-core, which dependabot-gitlab wraps, is not technically Open Source at all: https://github.com/dependabot/dependabot-core/blob/main/LICE...
-
We use Dependabot to secure GitHub
Waiting for Yarn v2/v3 support in Dependabot has been a saga.
https://github.com/dependabot/dependabot-core/issues/1297
What are some alternatives?
orval - orval is able to generate client with appropriate type-signatures (TypeScript) from any valid OpenAPI v3 or Swagger v2 specification, either in yaml or json formats. 🍺
renovate - Universal dependency automation tool.
meetup-contacts-app-2021 - Modern, structured React application demo with pages, services. An Opinionated React App template for large projects.
gradle-versions-plugin - Gradle plugin to discover dependency updates
cio - Rust libraries for APIs needed by our automated CIO.
fetch-metadata - Extract information about the dependencies being updated by a Dependabot-generated PR.
moonfire-nvr - Moonfire NVR, a security camera network video recorder
dockerfile-samples - Dockerfile samples to make your life easier
manifold-api - Manifold API Client Bindings
licensed - A Ruby gem to cache and verify the licenses of dependencies
oxide.ts - TypeScript client for the Oxide API
chaskiq - A full featured Live Chat, Support & Marketing platform, alternative to Intercom, Drift, Crisp, etc from cience.com