May 17, 2020
Keeping dependencies up to date is critical to avoiding security vulnerabilities and keeping your codebase modern and maintainable. However, many modern applications and libraries are built on the shoulders of giants. Instead of manually keeping your dependencies up to date, delegate that task to GitHub Actions!
Some days our JS can feel like a house of cards stacked on top of thousands of NPM dependencies. Maintaining all the latest dependencies can be a daunting task. A combination of GitHub integrations make this much easier, so we can focus on writing features our customers love and focus less on keeping our dependencies up to date.
GitHub Actions provide a robust ecosystem of SaaS integrations to let us automate the chores of:
With the above set of actions and the right set of automated tests, we can safely be on the latest version of all dependencies with confidence that our application or library is fully functional and is free of all resolved security vulnerabilities in our dependencies.