Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Last updated : Oct 28, 2020
Not on the current edition
This blip is not on the current edition of the Radar. If it was on one of the last few editions it is likely that it is still relevant. If the blip is older it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar Understand more
Oct 2020
采纳 ? 我们强烈建议业界采用这些技术,我们将会在任何合适的项目中使用它们。

在所有帮助保持依赖更新的可选工具中,Dependabot 一直是我们认为可靠的默认选择。Dependabot 跟GitHub 的集成平滑,并能自动发送你的pull request,更新依赖到最新的版本。它能在整个组织级别启动,这样所有团队接收到这些 pull request 要容易得多。即便你没有在使用 GitHub,也仍然可以在构建流水线中使用 Dependabot库。如果选择替代品,你可以考虑 Renovate,它支持更多的服务,包括 GitLab,Bitbucket 以及 Azure DevOps

Nov 2019
试验 ? 值得一试。了解为何要构建这一能力是很重要的。企业应当在风险可控的前提下在项目中尝试应用此项技术。


May 2018
评估 ? 在了解它将对你的企业产生什么影响的前提下值得探索

Keeping dependencies up to date is a chore, but it's important to manage upgrades frequently and incrementally. We want the process to be as painless and automated as possible. Our teams have often hand-rolled scripts to automate parts of the process; now, however, we integrate commercial offerings to do that work. Dependabot is a service that integrates with your GitHub repositories and automatically checks your project dependencies for new versions. When required, Dependabot will open a pull request with upgraded dependencies. Using features of your CI server, you can automatically test upgrades for compatibility and automatically merge compatible upgrades to master. There are alternatives to Dependabot, including Renovate for JavaScript projects and Depfu for JavaScript and Ruby projects. Our teams, however, recommend Dependabot because of its multilanguage support and ease of use.

已发布 : May 15, 2018


English | Español | Português | 中文