We are happy to announce the general availability of automated dependency update management in the Helmholtz Codebase GitLab. It provides automatic dependency updates in order to keep your software up-to-date and secure.
Why should you bother?
Outdated dependencies with known security flaws is one of the most frequent security issues that get exploited most often. Enabling automated dependency updates helps you saving time by keeping track of all dependency updates, automating time-consuming recurring dependency update tasks, and staying secure in your application.
All Information in One Place
Beside the versions of the old and new dependency, it provides you with information about the release notes as well as the commit history.
How does it work?
The bot will automatically create Merge Requests for dependency updates:
The list of supported ecosystems is given here. Among others, Python, Docker or Git submodules are supported. If you want to use Dependabot for your software project, you can find the setup instructions in our documentation.
Comments and Suggestions
If you have suggestions, questions, or queries, please don’t hesitate to write us.