
Tools

Dependabot

NOT ON THE CURRENT EDITION
This blip is not on the current edition of the radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the radar.
Nov 2019
Trial

Keeping a codebase's dependencies up to date is a chore, but for security reasons it is important to respond to dependency updates promptly. Tooling can make this process as painless and automated as possible. Our teams have had good experiences using Dependabot in practice. It integrates with GitHub repositories, automatically checks dependencies for new versions and, when necessary, opens a pull request that upgrades the dependency.

May 2018
Assess

Keeping dependencies up to date is a chore, but it's important to manage upgrades frequently and incrementally. We want the process to be as painless and automated as possible. Our teams have often hand-rolled scripts to automate parts of the process; now, however, we integrate commercial offerings to do that work. Dependabot is a service that integrates with your GitHub repositories and automatically checks your project dependencies for new versions. When required, Dependabot will open a pull request with upgraded dependencies. Using features of your CI server, you can automatically test upgrades for compatibility and automatically merge compatible upgrades to master. There are alternatives to Dependabot, including Renovate for JavaScript projects and Depfu for JavaScript and Ruby projects. Our teams, however, recommend Dependabot because of its multilanguage support and ease of use.
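The paragraph above mentions using the CI server to test upgrades and merge compatible ones automatically. The script below is an added example, not code from the radar or from Dependabot, showing the policy step a CI job would run on an upgrade pull request: it parses the PR title, classifies the semantic-version bump, and auto-merges only patch or minor bumps that have passed CI, sending majors, pre-releases, downgrades and unparseable versions to a human reviewer. It assumes the "Bump <name> from <old> to <new>" title format and a Semantic Versioning scheme; the sample titles are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumed title format "Bump <name> from <old> to <new>"; adjust the pattern
# if the upgrade PRs in your repository are titled differently.
TITLE_RE = re.compile(r"^Bump (?P<name>\S+) from (?P<old>\S+) to (?P<new>\S+)")


@dataclass(frozen=True)
class Upgrade:
    name: str
    old: str
    new: str


def parse_title(title: str) -> Optional[Upgrade]:
    """Extract the dependency name and version pair from a PR title, or None."""
    m = TITLE_RE.match(title.strip())
    if not m:
        return None
    return Upgrade(m["name"], m["old"], m["new"])


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse MAJOR.MINOR.PATCH (optional leading 'v'); pre-release and build tags are dropped.
    Raises ValueError for versions that do not follow the numeric scheme."""
    core = v.lstrip("v").split("-")[0].split("+")[0]
    nums = [int(p) for p in core.split(".")[:3]]
    while len(nums) < 3:          # treat "4.17" as 4.17.0
        nums.append(0)
    return nums[0], nums[1], nums[2]


def is_prerelease(v: str) -> bool:
    """A '-' after the numeric core marks a pre-release (e.g. 1.3.0-rc.1)."""
    return "-" in v


def bump_type(old: str, new: str) -> str:
    """Classify the change as major, minor, patch, none, downgrade or unknown."""
    try:
        o, n = parse_version(old), parse_version(new)
    except ValueError:
        return "unknown"
    if n < o:
        return "downgrade"
    if n[0] != o[0]:
        return "major"
    if n[1] != o[1]:
        return "minor"
    if n[2] != o[2]:
        return "patch"
    return "none"


def triage(title: str, ci_passed: bool, auto_merge=("patch", "minor")) -> str:
    """Return 'merge', 'review' or 'skip' for one pull request."""
    up = parse_title(title)
    if up is None:
        return "skip"             # not an automated upgrade PR
    if not ci_passed:
        return "review"           # never merge a red build, whatever the bump size
    if is_prerelease(up.new):
        return "review"           # pre-releases need a human decision
    return "merge" if bump_type(up.old, up.new) in auto_merge else "review"


# Constructed sample PRs: (title, CI status)
SAMPLE_PRS = [
    ("Bump lodash from 4.17.15 to 4.17.21", True),
    ("Bump express from 4.16.0 to 4.17.1", True),
    ("Bump rails from 5.2.3 to 6.0.0", True),
    ("Bump foo from 1.2.3 to 1.3.0-rc.1", True),
    ("Bump bar from 2.0.0 to 1.9.9", True),
    ("Bump baz from 1.0.0 to 1.0.1", False),
    ("Update README", True),
]


def triage_all(prs):
    """Map each PR title to its triage decision."""
    return {title: triage(title, ok) for title, ok in prs}


if __name__ == "__main__":
    for title, decision in triage_all(SAMPLE_PRS).items():
        print(f"{decision:7s} {title}")
```

In a real pipeline the "merge" decision would be turned into a merge call only after the full test suite has run against the upgraded lockfile; the bump classification alone is never a substitute for CI.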