| | purl-spec | renovate |
|---|---|---|
| Mentions | 4 | 116 |
| Stars | 621 | 15,837 |
| Growth | 2.9% | 2.4% |
| Activity | 4.8 | 10.0 |
| Latest commit | 21 days ago | 3 days ago |
| Language | | TypeScript |
| License | GNU General Public License v3.0 or later | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
purl-spec
- Purl: A Simple Tool for Text Processing
- Package URL Specification
- PSA: Changes to the mason.nvim registry
  Makes heavy use of purls to define package sources. This aids portability of package identifiers, which is currently leveraged to automate version upgrades through Renovate and hopefully can be used to hook into vulnerability databases such as NVD for automated security scanning purposes.
- OSS Gadget: Using oss-download
  The oss-download tool operates on a Package URL, which is a convenient way to express an ecosystem, package, and version. For example, the Python Django package would be pkg:pypi/django, and version 4.1.4 of Django would be pkg:pypi/django@4.1.4.
renovate
- Git commit helper: add emojis to your commits
- 💡Automatic Deployment of your project dependencies updates on GCP : Efficiency vs. Cost?
  This month, I gave a talk with my Zenika colleague Lise at the DevoxxFR conference about Renovate and Dependabot, two great tools to help you automatize and upgrade your dependencies.
- How to use Renovate Bot on self-hosted GitLab
  There is no built-in Renovate Bot on a self-hosted GitLab. What can we do to set it up and enjoy all the benefits of automatic dependency updates?
- Self-Hosted Is Awesome
> Yes, it is awesome until you have to sysadmin it, apply updates, patch it, fix security holes, etc. I am not saying all self-hosted solutions are like that. There are exceptions. However, the majority of open-source self-hosted solutions require a lot of extra work.
I'm currently self-hosting 10 different applications on my local server, which represents everything I've ever seen that looked fun or useful to me. Every one of them had a Docker image with an example compose file, which means updating them just requires periodically running Renovate [0] on the repo that stores all my compose files and then running a script that docker compose pulls the updates. It takes maybe 10 minutes every other week, and is actually kinda fun.
It helps that all the apps are only accessible from within my VPN, so I'm not too worried about fixing security updates within a tiny time window.
[0] https://github.com/renovatebot/renovate
- Why I recommend Renovate over any other dependency update tools
  This is a big deal! Where did you read this? I found:
  https://github.com/renovatebot/renovate/discussions/26917
- Locally test and validate your Renovate configuration files
  Renovate is an automated dependency management tool that can be used to keep your dependencies up-to-date. It can be configured to automatically create pull requests to update your dependencies, and it supports a wide range of package managers and platforms.
- Understanding Mend Renovate's Pull Request Workflow
  To get started with Mend Renovate, the comprehensive official documentation provides detailed instructions on installation, configuration, and best practices. Additionally, the Mend Renovate community forum offers a platform for users to connect, share experiences, and access the collective knowledge base.
- Unfork with ArgoCD
  It is a good practice to keep software up to date. To track changes in upstream software, we can utilize automatic dependency tracking systems such as Dependabot or Renovate. This is a broad topic and requires a separate article to be covered. If you would like to read about it, please vote in the comments section below.
- 🦊 GitLab CI YAML Modifications: Tackling the Feedback Loop Problem
- Evaluating New Software Forges
  So do other forges: I have Renovate [0] set up on my self-hosted Forgejo and it's worked great so far.
  [0] https://github.com/renovatebot/renovate
What are some alternatives?
OSSGadget - Collection of tools for analyzing open source packages.
dependabot-core - 🤖 Dependabot's core logic for creating update PR's.
rebom - Rebom by Reliza - Catalog of Software Bills of Materials (SBOMs), demo:
dependabot
dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
scala-steward - :robot: A bot that helps you keep your projects up-to-date
mason-registry - Core registry for mason.nvim.
updatecli - A Declarative Dependency Management tool
github-actions-and-renovate
bitbucket-branch-source-plugin - Bitbucket Branch Source Plugin
charts - Bitnami Helm Charts
watchtower - A process for automating Docker container base image updates.