Why I recommend Renovate over any other dependency update tools

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • evergreen

    GitHub Action to enable automated security updates and open a issue/PR in repos in an org that have dependency files but no dependabot.yaml file (by github)

    I don't understand why Github does not invest more into Dependabot. Everyone need something like this, and Github is positioned to offer the best sca tool there is. And yet... stuff like grouping has only been recently added.

    Anyhow, this is useful to rollout dependabot.yaml config at scale: https://github.com/github/evergreen

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • oapi-codegen

    Generate Go client and server boilerplate from OpenAPI 3 specifications (by jamietanna)

    Renovate isn't special with how it authenticates - you can run it as your own user ie https://github.com/jamietanna/oapi-codegen/pull/12 and Renovate runs against GitLab, Bitbucket and I believe other platforms too

  • renovate-automatic-branch

    Create automatic branch to merge Renovate PR

    https://github.com/bodinsamuel/renovate-automatic-branch

    So you have nothing to do except a big review once in a while.

  • dependabot-core

    🤖 Dependabot's core logic for creating update PRs.

    Oh yes, https://github.com/dependabot/dependabot-core/issues/3253. I wouldn't go so far as saying it was locked because it was too uncivil, mostly just because "additional commentary wasn't adding value" ;)

    Your read on the situation is spot on, and no, it doesn't look like it's been "fixed" (mostly because "fixing it would re-introduce the same potential vulnerability).

  • renovate

    Home of the Renovate CLI: Cross-platform Dependency Automation by Mend.io

    This is a big deal! Where did you read this? I found:

    https://github.com/renovatebot/renovate/discussions/26917

  • frontend

    Started using renovate to update a few internal dependencies.

    A few years later more than 30 projects using it and almost all of that growth happened naturally: https://gitlab.com/gitlab-org/frontend/renovate-gitlab-bot

    We operate on a fork (5 commits or so) which contains some hacks to support a forked workflow on GitLab and some minor adjustments for that workflow. Really need to upstream some of it: https://gitlab.com/gitlab-org/frontend/renovate-fork/-/merge...

    The author was always super kind, responsive and accommodating.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • How to Manage Helm Chart Dependency Versions?

    2 projects | /r/helm | 4 Aug 2023
  • Private profiles are now generally available on GitHub

    5 projects | news.ycombinator.com | 29 Sep 2022
  • How do you keep up with NPM package updates?

    2 projects | /r/node | 17 May 2022
  • PSA: Changes to the mason.nvim registry

    5 projects | /r/neovim | 26 Mar 2023
  • OCI Helm chat repo with common apps

    4 projects | /r/kubernetes | 2 Nov 2022