I'm on Open Source Security: Updating open source dependencies


A few weeks ago, I joined Josh Bressers on the Open Source Security podcast to talk about the joys and difficulties of updating dependencies, and we had a great time.

In particular, this focussed on Renovate, given my role as maintainer and community manager on the project, and on some of the difficulties of updating dependencies.

We spoke about the (now released) Renovate 42 release, and work we've been doing around Minimum Release Age support - which we've had since 2019 - to better secure the ecosystem by default. Given the recent Sha1-Hulud attack, having this sort of functionality in place does reduce the chance of you directly being affected, so take a look!

This was a great chat, and we managed to get into a number of topics - but I honestly feel we could've talked for a day and still not have scratched the surface of some of the nuance and complexity that dependency management + updating has!

As an aside, my audio sounds a fair bit worse than I'd thought at the time - sorry! - I need to find out what's gone on there and improve it for future recordings.

Written by Jamie Tanna on , and last updated on .

Content for this article is shared under the terms of the Creative Commons Attribution Non Commercial Share Alike 4.0 International, and code is shared under the Apache License 2.0.

#podcast #open-source #renovate.

This post was filed under articles.
