#dependencymanagement — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #dependencymanagement, aggregated by home.social.
-
🚨 Critical Composer Update: 2.9.8 & 2.2.28 fix a GitHub Actions token disclosure!
⚠️ Update NOW or disable GitHub Actions immediately!
#PHP #Composer #ComposerPHP #OpenSource #WebDevelopment #GitHubActions #DevSecOps #CyberSecurity #SoftwareUpdate #PatchRelease #DependencyManagement #SecurityFix #Programming #Packagist #PHPDev #ComposerUpdate #OpenSourceSoftware #WebDevLife #InfoSec #SecurityPatch #CodeSmart #DependencyManagement #SoftwareSecurity #TechUpdate
-
Are you working with software dependencies in constrained environments? Then this might interest you:
I’ll give a lightning talk on how we approach practical license and vulnerability management when resources are limited. As Technical Solution Lead at Alliander I deal daily with issues regarding licensing and security. I’ll talk about tooling, share key findings and insights.
Where & when to go?
Monday, March 23
13:15 CET
Amsterdam
#Ospology #DevOps #Security #OpenSource #DependencyManagement
-
Hey devs! 👋
I build mobile apps and got tired of manually fixing broken builds and dependencies after package updates. So I decided to build an AI agent that automatically fixes update-related errors and updates dependencies — even library upgrades.
Quick facts about the agent:
- Runs on deepseek in deepseek-chat (v3.2) mode with temperature 0.0.
- Can revive the project after errors and run automated tests.
- Won’t require confirmations for common commands (build, run, flutter pub get, etc.) to save time.
- While the agent fixes things automatically, you can do something useful or grab a coffee ☕.
Why this matters:
- I tried dozens of solutions — many crash frequently or demand confirmations even for simple commands (cd, cat, etc.). Endless "Y + Enter" kills productivity.
Want to help?
- If you want to join in improving this tool — follow me and leave feedback. I’ll share the open Git repo and welcome your suggestions and criticism.
Thanks — have a great day/evening (time zones may vary)!
#devtools #aiagent #automation #mobiledev #flutter #dependencymanagement #ci #devops #softwareengineering #productivity
-
Oh boy, another tool to generate and verify #lockfiles for GitHub Actions, because we all know life's too short to trust those pesky mutable tags. 🔒✨ Let's spend our precious time pinning every single action to exact commit SHAs, because who doesn't love a good game of dependency whack-a-mole? 🎯🛠️
https://gh-actions-lockfile.net #GitHubActions #dependencyManagement #automation #tools #HackerNews #ngated
-
I am really enjoying the Pixi package manager, https://pixi.sh , made by @prefix. We have been using conda at my work for managing the dependencies of our Python application. It involves scientific data analysis so there are lots of dependencies, and it has been a challenge to keep things up to date. Pixi has nice support for cleanly defining the direct dependencies in the pixi.toml file, and then it automatically generates a lock file. There is a command to upgrade all the dependencies too. It's amazing! I'm just starting to use it, but it is helpful so far.
-
"Cooldowns enforce positive behavior from supply chain security vendors: vendors are still incentivized to discover and report attacks quickly, but are not as incentivized to emit volumes of blogspam about 'critical' attacks on largely underfunded open source ecosystems."
#npm #supplychainattack #dependencymanagement
https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns
-
via @dotnet : A step-by-step guide to modernizing .NET applications with GitHub Copilot agent mode
https://ift.tt/YprJVHi
#DotNet #GitHubCopilot #AppModernization #CloudNative #SoftwareDevelopment #AzureMigration #Programming #DevOps #DependencyManagement #CodeU…
-
"Working with a multi-language project (Node.js, Python, Java) is truly a nightmare when you have to hunt down and update dependencies!
Does anyone else run into the same problem?
How do you manage multi-language dependencies these days? #DevTools #MultiLanguage #DependencyManagement #CôngCụPhátTriển #QuảnLýPhụThuộc"
https://www.reddit.com/r/SaaS/comments/1oq7n23/ever_spend_hours_fixing_missing_dependencies_on/
-
The author shares how to keep Nix "inputs" (AI, dev tools, desktop) fresh by separating them so they can be updated on different schedules. He also wrote a small script to check for available updates.
#Nix #NixOS #Programming #DevTools #DependencyManagement #LậpTrình #CôngCụPhátTriển #QuảnLýPhụThuộc
https://www.reddit.com/r/programming/comments/1o2408y/keeping_my_nix_inputs_fresh/
-
Keep your dependencies up to date with Renovate 🔄📦
Modern apps rely on countless frameworks & libraries. But with great libraries comes great responsibility.
At #BaselOne25, Java Champion @michaelvitz introduces Renovate – the open-source bot that keeps dependencies up to date, reduces security risks & automates dependency management.
📅 Oct 16 | Basel
🎟️ https://eventfrog.ch/BaselOne2025
-
“Package Managers Are Evil”, Bill “GingerBill” Hall (https://www.gingerbill.org/article/2025/09/08/package-managers-are-evil/).
On HN: https://news.ycombinator.com/item?id=45167394
On Lobsters: https://lobste.rs/s/zvdtdn/package_managers_are_evil
#Programming #Packages #Dependencies #DependencyHell #PackageManagers #Rants #DependencyManagement
-
via @dotnet : Preparing Your .NET MAUI Apps for Google Play’s 16 KB Page Size Requirement
https://ift.tt/Ts2afNB
#DotNetMAUI #GooglePlay #16KBPageSize #AndroidDevelopment #AppPerformance #DotNet9 #MobileApps #AppLaunch #DependencyManagement #TechUpdates #Softwar…
-
EU CRA: It's Later Than You Think, Time to Engineer Up! https://nxdomain.no/~peter/eu_cra_its_later_than_you_think_time_to_engineer_up.html (or tracked https://bsdly.blogspot.com/2025/09/eu-cra-its-later-than-you-think-time-to.html) It's about upping your engineering game! -- a workshop article with hands-on parts #developement #EUCRA #CRA #cyberresilienceact #sbom #softwarebillofmaterials #engineering #quality #freesoftware #libresoftware #dependencies #dependencymanagement