#dependency-management — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #dependency-management, aggregated by home.social.
-
🚨 New Blog Post🚨
I've compiled what we've learned about Gradle's dependency verification feature at the GradleX project into a best practices guide! If you use dependency verification or are planning to adopt it, this one is for you!
👉 https://britter.dev/blog/2026/06/01/gradle-dependency-verification-best-practices/
-
🚀 "In a revolutionary finding, Olivier Gambier advocates for the groundbreaking strategy of *not* updating your dependencies in 2026. Because nothing screams 'innovation' like turning your server into a digital Jurassic Park 🦖, where ancient vulnerabilities roam free and happy!" 🧑💻🔗
https://www.mendral.com/blog/you-should-not-update #HackerNews #DependencyManagement #DigitalJurassicPark #TechInnovation #SoftwareDevelopment #HackerNews #ngated
-
You Should Not Update Your Dependencies
https://www.mendral.com/blog/you-should-not-update
#HackerNews #YouShouldNotUpdate #YourDependencies #SoftwareDevelopment #DependencyManagement #BestPractices #TechAdvice
-
Can you design a Maven monorepo for 5 microservices?
In this article we work through a real Maven Multi-Module design problem: from cyclic dependencies and misuse of spring-boot-maven-plugin to mixing up the aggregator and parent roles. Then we assemble a reference structure following Spring Cloud and Netflix best practices, add a CI/CD diagram, and learn to run a service locally without Eureka and RabbitMQ. Find the errors
https://habr.com/ru/companies/otus/articles/1031254/
#Maven #monorepo #microservices #Spring_Boot #multimodule #dependencyManagement #Maven_Wrapper #build_architecture #Java
-
via @dotnet : NuGet Package Pruning: Cleaner Dependencies and Actionable Vulnerability Reports
https://ift.tt/mUszAVv
#NuGet #PackagePruning #DotNet10 #DependencyManagement #VulnerabilityReports #TransitiveDependencies #FalsePositives #RestoreGraph #PrivateAsset…
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
Are you working with software dependencies in constrained environments? Then this might interest you:
I’ll give a lightning talk on how we approach practical license and vulnerability management when resources are limited. As Technical Solution Lead at Alliander I deal daily with issues regarding licensing and security. I’ll talk about tooling, share key findings and insights.
Where & when to go?
Monday, March 23
13:15 CET
Amsterdam
#Ospology #DevOps #Security #OpenSource #DependencyManagement
-
Oh boy, another tool to generate and verify #lockfiles for GitHub Actions, because we all know life's too short to trust those pesky mutable tags. 🔒✨ Let's spend our precious time pinning every single action to exact commit SHAs, because who doesn't love a good game of dependency whack-a-mole? 🎯🛠️
https://gh-actions-lockfile.net #GitHubActions #dependencyManagement #automation #tools #HackerNews #ngated
-
I am really enjoying the Pixi package manager, https://pixi.sh , made by @prefix. We have been using conda at my work for managing the dependencies of our python application. It involves scientific data analysis so there are lots of dependencies, and it has been a challenge to keep things up to date. Pixi has nice support for cleanly defining the direct dependencies in the pixi.toml file, and then it automatically generates a lock file. There is a command to upgrade all the dependencies too. It's amazing! I'm just starting to use it, but it is helpful so far.
-
"Cooldowns enforce positive behavior from supply chain security vendors: vendors are still incentivized to discover and report attacks quickly, but are not as incentivized to emit volumes of blogspam about 'critical' attacks on largely underfunded open source ecosystems."
#npm #supplychainattack #dependencymanagement
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
-
via @dotnet : A step-by-step guide to modernizing .NET applications with GitHub Copilot agent mode
https://ift.tt/YprJVHi
#DotNet #GitHubCopilot #AppModernization #CloudNative #SoftwareDevelopment #AzureMigration #Programming #DevOps #DependencyManagement #CodeU…
-
Keep your dependencies up to date with Renovate 🔄📦
Modern apps rely on countless frameworks & libraries. But with great libraries comes great responsibility.
At #BaselOne25, Java Champion @michaelvitz introduces Renovate – the open-source bot that keeps dependencies up to date, reduces security risks & automates dependency management.
📅 Oct 16 | Basel
🎟️ https://eventfrog.ch/BaselOne2025
-
“Package Managers Are Evil”, Bill “GingerBill” Hall (https://www.gingerbill.org/article/2025/09/08/package-managers-are-evil/).
On HN: https://news.ycombinator.com/item?id=45167394
On Lobsters: https://lobste.rs/s/zvdtdn/package_managers_are_evil
#Programming #Packages #Dependencies #DependencyHell #PackageManagers #Rants #DependencyManagement
-
via @dotnet : Preparing Your .NET MAUI Apps for Google Play’s 16 KB Page Size Requirement
https://ift.tt/Ts2afNB
#DotNetMAUI #GooglePlay #16KBPageSize #AndroidDevelopment #AppPerformance #DotNet9 #MobileApps #AppLaunch #DependencyManagement #TechUpdates #Softwar…
-
EU CRA: It's Later Than You Think, Time to Engineer Up! https://nxdomain.no/~peter/eu_cra_its_later_than_you_think_time_to_engineer_up.html (or tracked https://bsdly.blogspot.com/2025/09/eu-cra-its-later-than-you-think-time-to.html) It's about upping your engineering game! -- a workshop article with hands on parts #developement #EUCRA #CRA #cyberresilienceact #sbom #softwarebillofmaterials #engineering #quality #freesoftware #libresoftware #dependencies #dependencymanagement
-
Build a Go dependency scanner with the standard library: parse go.mod, query OSV for vulnerabilities, and analyze licenses. https://hackernoon.com/building-a-go-dependency-scanner-from-scratch #dependencymanagement
-
via @dotnet : Announcing the NuGet MCP Server Preview
https://ift.tt/QbdgEc8
#NuGet #MCPServer #DotNet #AI #PackageManagement #RealTimeIntegration #DevelopmentTools #DependencyManagement #OpenStandard #MicrosoftResearch #PreviewRelease #Feedback #CodingAgent #Vi…
-
via @dotnet : The new Dependabot NuGet updater: 65% faster with native .NET
https://ift.tt/sbOruqD
#Dependabot #NuGet #DotNet #DependencyManagement #SoftwareDevelopment #PerformanceImprovement #Automation #OpenSource #GitHub #DevOps #CSharp #MSBuild #PackageMana…
-
Ah, yet another attempt to force C/C++ into the hipster #Rust mold with a side of dependency management! 😂 Because clearly, what C/C++ devs needed was more #bloat and complexity, right? 🚀 Bonus points for throwing in AI to make sure your code writes itself while you sip your artisanal coffee. ☕✨
https://github.com/AI314159/Seastar #Cplusplus #DependencyManagement #AIHumor #ArtisanalCoffee #HackerNews #ngated
-
New Release v2.4 of https://github.com/gradlex-org/jvm-dependency-conflict-resolution
🔧 Fixes:
- #238: The patch DSL now supports dependencies with non-standard variant names (e.g., com.google.guava).
- #243: Resolved clashes between jakarta.xml.ws:jakarta.xml.ws-api and jakarta.jws:jakarta.jws-api for versions ≤ 4.0.
⚠️ Deprecation:
- #251: GuavaComponentRule is now deprecated in favor of the more flexible and general patch DSL.
#Gradle #DependencyManagement #Java #JVM #OpenSource #DevTools #SoftwareEngineering
-
via @dotnet : How we ended up rewriting NuGet Restore in .NET 9
https://ift.tt/7IYrfjh
#NuGet #DotNet9 #SoftwareEngineering #PerformanceOptimization #DependencyManagement #Microsoft #VisualStudio #Coding #DeveloperProductivity #OpenSource #TechBlog #SoftwareDeve…
-
As an owner of a network, service, or application one must ALWAYS be defensive and understand why you place trust in another party.
Re-examine that trust with every update you apply. Sure, it sucks. But, that is the responsibility one assumes in owning any process. It's easy to #YOLO changes; but, know _why_ and OWN it.
A good deal of this article applies regardless of using SemVer or not. And beyond just software packages.
https://hynek.me/articles/semver-will-not-save-you/#taking-responsibility
-
🔗 Struggling with evil dependencies in your codebase?
This article explores strategies to identify, manage, and minimize them—ensuring cleaner, more maintainable software. Don’t let dependencies slow you down: https://ter.li/7twu3v
#SoftwareEngineering #TechDebt #DependencyManagement #CodeQuality #Tech #Code
-
Depending in Common Lisp – Using the CLOS dependent maintenance protocol (2022) — https://stevelosh.com/blog/2022/08/depending-in-common-lisp/
#HackerNews #CommonLisp #CLOS #DependencyManagement #SoftwareDevelopment #ProgrammingLanguages #TechBlog
-
🚨 When your code is a few KB, but your dependencies rival AAA game installations. Still believe in fairy tales of secure code?
Gigabytes of code you didn't write. Licences you didn't read. Security flaws you didn't anticipate. Yet, you trust them. Adorable.
Not just Node.js. Gradle caches, AWS libs with 400 sub-dependencies + reflection parties. In control? How cute.
I use plain Java with jlink + jpackage. Minimal. Secure. No bloat.
Fewer deps = fewer surprises. Because I care.
But hey, keep stacking that Jenga tower. Watching it fall will be fun.
#MinimalismMatters #CleanCode #DependencyHell #JavaPurist #DoYouEvenCare #LessIsMore #CodeSmart #TechDebt #DependencyManagement #JavaDeveloper #SecureCoding #LightweightCode #ModernJava #RefactorYourLife #NoBloat #CodeQuality #developer #code