#dependency-management-data — Public Fediverse posts

A couple of weeks ago I was at the Manchester Gophers, giving them a sneak peek of my tutorial I'm doing on Friday at #GopherConUK, and I had a blast - was a great time with some great people, and always a fan of sharing more about #DependencyManagementData

Their post has some other great photos, but I think if you really want a convince to go and speak - if the great people isn't enough - you also get an amazing speaker gift - a custom made Gopher!

A couple of weeks ago I was at the Manchester Gophers, giving them a sneak peek of my tutorial I'm doing on Friday at #GopherConUK, and I had a blast - was a great time with some great people, and always a fan of sharing more about #DependencyManagementData

Their post has some other great photos, but I think if you really want a convince to go and speak - if the great people isn't enough - you also get an amazing speaker gift - a custom made Gopher!

COVID test negative ✅

Next stop: London for #GopherConUK

Looking forward to seeing folks, learning from some awesome people, and sharing some cool insights you can learn from your organisation with #DependencyManagementData 🔥

COVID test negative ✅

Next stop: London for #GopherConUK

Looking forward to seeing folks, learning from some awesome people, and sharing some cool insights you can learn from your organisation with #DependencyManagementData 🔥

Creating beautiful visualisations of dependency data with Evidence

https://fed.brid.gy/r/https://www.jvt.me/posts/2025/07/31/dmd-evidence/

Creating beautiful visualisations of dependency data with Evidence

https://fed.brid.gy/r/https://www.jvt.me/posts/2025/07/31/dmd-evidence/

Properly patching packages: persistently producing patches for published projects, particularly practically prevented by patch-package policy

https://fed.brid.gy/r/https://www.jvt.me/posts/2025/04/12/patch-package-distribute/

Properly patching packages: persistently producing patches for published projects, particularly practically prevented by patch-package policy

https://fed.brid.gy/r/https://www.jvt.me/posts/2025/04/12/patch-package-distribute/

Off the back of the tj-actions/changed-files #SupplyChainSecurity attack, I've written up how you can use #DependencyManagementData to determine the impact across your org - already found it's been very useful 👀

Off the back of the tj-actions/changed-files #SupplyChainSecurity attack, I've written up how you can use #DependencyManagementData to determine the impact across your org - already found it's been very useful 👀

Finally put the finishing touches to my rewrite of the renovate-graph docs which I started on Monday at #BatchBunch

Finally put the finishing touches to my rewrite of the renovate-graph docs which I started on Monday at #BatchBunch

Celebrating dependency-management-data's second birthday

https://fed.brid.gy/r/https://www.jvt.me/posts/2025/02/06/dmd-birthday/

Celebrating dependency-management-data's second birthday

https://fed.brid.gy/r/https://www.jvt.me/posts/2025/02/06/dmd-birthday/

FYI that #DependencyManagementData v0.114.0 is out with an important refactor, but is one to watch out for!

If you're using the Renovate datasource, the package_names may be different to what they were previously. This now makes them actual package names, rather than the "pretty" depName but it's likely to catch folks out 👀

FYI that #DependencyManagementData v0.114.0 is out with an important refactor, but is one to watch out for!

If you're using the Renovate datasource, the package_names may be different to what they were previously. This now makes them actual package names, rather than the "pretty" depName but it's likely to catch folks out 👀

You can now resolve remote presets when using Renovate's local platform in renovate-graph

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/12/12/renovate-graph-local-presets/

You can now resolve remote presets when using Renovate's local platform in renovate-graph

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/12/12/renovate-graph-local-presets/

Creating renovate-packagedata-diff to diff Renovate package data dumps

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/12/08/renovate-packagedata-diff/

Creating renovate-packagedata-diff to diff Renovate package data dumps

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/12/08/renovate-packagedata-diff/

Lessons learned adding OpenTelemetry to a (Cobra) command-line Go tool

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/11/17/cobra-otel-lessons/

Lessons learned adding OpenTelemetry to a (Cobra) command-line Go tool

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/11/17/cobra-otel-lessons/

Summarising the skipReasons for Renovate data exports

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/11/08/renovate-packagedump-skip-reason/

Summarising the skipReasons for Renovate data exports

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/11/08/renovate-packagedump-skip-reason/

Why yes, #DependencyManagementData now has stickers 👀

Why yes, #DependencyManagementData now has stickers 👀

How to use Dependency Management Data to discover which dependencies are participating in Hacktoberfest

Detailing how you could use dependency-management-data to gain insight into which dependencies you use are participating in Hacktoberfest.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/09/03/dmd-hacktoberfest/

How to use Dependency Management Data to discover which dependencies are participating in Hacktoberfest

Detailing how you could use dependency-management-data to gain insight into which dependencies you use are participating in Hacktoberfest.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/09/03/dmd-hacktoberfest/

You can now parse repo-level Renovate configuration with renovate-graph

Announcing a new release of `renovate-graph` which now parses repo-level Renovate configuration.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/28/renovate-graph-repo-config/

You can now parse repo-level Renovate configuration with renovate-graph

Announcing a new release of `renovate-graph` which now parses repo-level Renovate configuration.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/28/renovate-graph-repo-config/

Dependency Management Data's Open Policy Agent support is now a whole lot more efficient

Talking about the latest release of Dependency Management Data and some refactoring that's led to better performance.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/27/dmd-opa-perf/

Dependency Management Data's Open Policy Agent support is now a whole lot more efficient

Talking about the latest release of Dependency Management Data and some refactoring that's led to better performance.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/27/dmd-opa-perf/

Dependency Management Data's now on Mastodon!

Announcing the dependency-management-data Mastodon account for automated release announcements (and more?).

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/14/dmd-mastodon/

Dependency Management Data's now on Mastodon!

Announcing the dependency-management-data Mastodon account for automated release announcements (and more?).

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/14/dmd-mastodon/

Dynamically querying EndOfLife.date data for internal packages with Open Policy Agent and Dependency Management Data

How you can retrieve End-of-Life data via EndOfLife.date using Dependency Management Data's Policies functionality.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/14/dmd-opa-eol/

Dynamically querying EndOfLife.date data for internal packages with Open Policy Agent and Dependency Management Data

How you can retrieve End-of-Life data via EndOfLife.date using Dependency Management Data's Policies functionality.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/14/dmd-opa-eol/

Dependency Management Data is now a lot easier to work with when using Software Bill of Materials

Announcing an improved model for interacting with SBOMs, removing the need to understand the Repo Key up-front.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/09/dmd-sbom/

Dependency Management Data is now a lot easier to work with when using Software Bill of Materials

Announcing an improved model for interacting with SBOMs, removing the need to understand the Repo Key up-front.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/07/09/dmd-sbom/

Dependency Management Data can now use sql-studio for database browsing

Announcing the availability of the `sql-studio` database browser for dependency-management-data's web application.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/06/28/dmd-sql-studio/

Dependency Management Data can now use sql-studio for database browsing

Announcing the availability of the `sql-studio` database browser for dependency-management-data's web application.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/06/28/dmd-sql-studio/

Dependency Management Data's web application can now be deployed as a single static binary

Announcing dependency-management-data's embedded SQL browser interface.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/06/16/dmd-web-embedded/

Dependency Management Data's web application can now be deployed as a single static binary

Announcing dependency-management-data's embedded SQL browser interface.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/06/16/dmd-web-embedded/

What can we learn about the backdooring of xz/liblzma, using OpenSSF Security Scorecards and dependency-management-data?

Looking at how the recent CVE-2024-3094 vulnerability could provide insight into other cases of risk in dependencies and their lack of code review.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/03/29/xz-scorecards/

What can we learn about the backdooring of xz/liblzma, using OpenSSF Security Scorecards and dependency-management-data?

Looking at how the recent CVE-2024-3094 vulnerability could provide insight into other cases of risk in dependencies and their lack of code review.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/03/29/xz-scorecards/

I'm on Changelog and Friends!

Announcing my first podcast appearance on Changelog and Friends, talking about salary history, the IndieWeb, ADHD and dependency-management-data, among other things.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/02/17/changelog-friends/

I'm on Changelog and Friends!

Announcing my first podcast appearance on Changelog and Friends, talking about salary history, the IndieWeb, ADHD and dependency-management-data, among other things.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/02/17/changelog-friends/

Very excited to see that the videos from #StateOfOpenCon #SOOCon24 are up - so if you missed my talk Quantifying Your Reliance on Open Source Software with #DependencyManagementData, you can find the recording on YouTube.

If you're interested, also check out the slides and the full talk writeup.

Very excited to see that the videos from #StateOfOpenCon #SOOCon24 are up - so if you missed my talk Quantifying Your Reliance on Open Source Software with #DependencyManagementData, you can find the recording on YouTube.

If you're interested, also check out the slides and the full talk writeup.

Quantifying your reliance on Open Source software (State of Open Con version)

A writeup of my talk about the dependency-management-data project at the State of Open Con 2024 conference.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/02/06/dmd-talk-sooc/

Quantifying your reliance on Open Source software (State of Open Con version)

A writeup of my talk about the dependency-management-data project at the State of Open Con 2024 conference.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/02/06/dmd-talk-sooc/

Why yes, yes I am wearing a custom #DependencyManagementData t-shirt to #StateOfOpenCon #SOOCon24 🤓 big thanks to Carol Gilabert for making it 🚀

Why yes, yes I am wearing a custom #DependencyManagementData t-shirt to #StateOfOpenCon #SOOCon24 🤓 big thanks to Carol Gilabert for making it 🚀

Celebrating dependency-management-data's first birthday

Reflecting on the last year of the project.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/02/02/dmd-birthday/

Celebrating dependency-management-data's first birthday

Reflecting on the last year of the project.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/02/02/dmd-birthday/

Introducing insight into your dependencies' health in dependency-management-data

How you can use the new dependency health functionality to better understand your dependencies.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/01/27/dmd-dependency-health/

Introducing insight into your dependencies' health in dependency-management-data

How you can use the new dependency health functionality to better understand your dependencies.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/01/27/dmd-dependency-health/

dependency-management-data now has a logo!

Very excited to note that the project now has a logo.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/01/24/dmd-logo/

dependency-management-data now has a logo!

Very excited to note that the project now has a logo.

https://fed.brid.gy/r/https://www.jvt.me/posts/2024/01/24/dmd-logo/

I was pretty chuffed with adding these Slack notifications (via Goreleaser and go-semantic-release) for releases to #DependencyManagementData which flag when there are breaking changes in the release! Makes it much easier to see at a glance, especially as there's a lot of changes going into it 🤓

I was pretty chuffed with adding these Slack notifications (via Goreleaser and go-semantic-release) for releases to #DependencyManagementData which flag when there are breaking changes in the release! Makes it much easier to see at a glance, especially as there's a lot of changes going into it 🤓