GitHub, Codacy and others only detect out of date dependencies - very cool how you go the extra step and make a PR. Congratulations and best wishes to you.
Thanks! We wanted to make it as easy as possible, rather than just nagging. There’s actually quite a lot of work involved in generating the updates (assessing resolvability and generating lock files is harder than it sounds), but we think it’s worth it.
Great to hear! I promise we’ll always keep it free for personal private repos - it makes a tonne of sense from our perspective, as we want to build a product people use and advocate.
OT but Kudos on linking the "Trusted by" icons (though it's only gov.uk that points to something that is actually using it). These Trusted by Microsoft, Slack, Techcrunch, etc icons are ubiquitous on every site and project but nobody ever links to it for details/proof. I wish more people would do this instead of just making a huge collage of brand icons.
We (Pixie Labs) have been using Dependabot for a month or two now. Here four reasons why, as a small team with a bunch of codebases to look after, we <3 them:
1. Their pre-sales support was great and they went out of their way to accommodate our requirements.
2. You can get ongoing support from them by @ing the bot in a PR (and they reply inline!).
3. It drip-feeds you updates (5 a day), so a really old project is still manageable.
4. The PR message contains links to release notes, changelog, and actual commits, for the library in question. This is such a time save (and reveals how many OSS projects don't have decent changelogs).
The biggest difference to Gemnasium is that we’ll creat the update PRs for you automatically. The biggest difference to Greenkeeper is that we handle lockfiles out of the box and give you compatibility scores for each update. We love both services, though!
Awesome! You should add that, along with what looks like cleaner yarn.lock support than greenkeeper has, to your landing page under some sort of features section since this isn't the first product in this space and people will be looking for differentiating features :)
Oh, I like this! Had so much troubles at my previous job with getting the updates, is there something new, then one dependency breaks other one....such a mess.
Great job folks!
21 comments
[ 1.7 ms ] story [ 29.0 ms ] threadOT but Kudos on linking the "Trusted by" icons (though it's only gov.uk that points to something that is actually using it). These Trusted by Microsoft, Slack, Techcrunch, etc icons are ubiquitous on every site and project but nobody ever links to it for details/proof. I wish more people would do this instead of just making a huge collage of brand icons.
And yes - totally agree!
1. Their pre-sales support was great and they went out of their way to accommodate our requirements. 2. You can get ongoing support from them by @ing the bot in a PR (and they reply inline!). 3. It drip-feeds you updates (5 a day), so a really old project is still manageable. 4. The PR message contains links to release notes, changelog, and actual commits, for the library in question. This is such a time save (and reveals how many OSS projects don't have decent changelogs).
The biggest difference to Gemnasium is that we’ll creat the update PRs for you automatically. The biggest difference to Greenkeeper is that we handle lockfiles out of the box and give you compatibility scores for each update. We love both services, though!
Edit: ooh, I see its oss and this search indicates Pipfile support is likely: https://github.com/dependabot/dependabot-core/search?utf8=%E...