Enable javascript in your browser for better experience. Need to know to enable it? Go here.
更新于 : Oct 28, 2020
不在本期内容中
这一条目不在当前版本的技术雷达中。如果它出现在最近几期中,那么它很有可能仍然具有相关参考价值。如果这一条目出现在更早的雷达中,那么它很有可能已经不再具有相关性,我们的评估将不再适用于当下。很遗憾我们没有足够的带宽来持续评估以往的雷达内容。 了解更多
Oct 2020
采纳 ?

在所有帮助保持依赖更新的可选工具中,Dependabot 一直是我们认为可靠的默认选择。Dependabot 跟GitHub 的集成平滑,并能自动发送你的pull request,更新依赖到最新的版本。它能在整个组织级别启动,这样所有团队接收到这些 pull request 要容易得多。即便你没有在使用 GitHub,也仍然可以在构建流水线中使用 Dependabot库。如果选择替代品,你可以考虑 Renovate,它支持更多的服务,包括 GitLab,Bitbucket 以及 Azure DevOps

Nov 2019
试验 ?

使代码库的依赖保持最新是一件很麻烦的事,但是出于安全考虑,及时响应依赖的更新还是很重要的。你可以使用工具让这个过程尽可能轻松和自动化。我们的团队在实际使用Dependabot时觉得不错。它可以与GitHub仓库集成,自动检查依赖的版本更新,并在必要时提交一个升级依赖的PR。

May 2018
评估 ?

Keeping dependencies up to date is a chore, but it's important to manage upgrades frequently and incrementally. We want the process to be as painless and automated as possible. Our teams have often hand-rolled scripts to automate parts of the process; now, however, we integrate commercial offerings to do that work. Dependabot is a service that integrates with your GitHub repositories and automatically checks your project dependencies for new versions. When required, Dependabot will open a pull request with upgraded dependencies. Using features of your CI server, you can automatically test upgrades for compatibility and automatically merge compatible upgrades to master. There are alternatives to Dependabot, including Renovate for JavaScript projects and Depfu for JavaScript and Ruby projects. Our teams, however, recommend Dependabot because of its multilanguage support and ease of use.

发布于 : May 15, 2018

下载 PDF

 

English | Español | Português | 中文

订阅技术雷达简报

 

立即订阅

查看存档并阅读往期内容