What do you use to manage dependencies?
Glad to see Renovate getting more attention. Such a vast feature set which is easily configured.
Great vid, Viktor! Long time renovate user myself and can highly recommend it!
We must get rid of this cumbersome process, once again thank you Viktor! Checking it out..
This is freaking amazing! I have tried it in a few personal projects and I am blown away. I will try it against private repos as well (JFrog) and see how it behaves, but there is a 99% chance that we will buy a license. Thank you for this.
Omg I'm famous 🤩
Thanks for the great content!
Thanks for sharing! Will try that out
Awesome video, you and Renovate are both great!
Looks interesting, thanks for sharing!
Awesome video, I found it very insightful.
Great video☝️ thanks!
Great video!!
Great tips!
Great video, thanks for explanation
Hey, awesome video! :) You mentioned showing us some tips and tricks of renovate but I cannot find them anywhere on your channel, can you link them? :)
Unfortunately, I did not do those just yet. I am planning another video related to Renovate but I cannot confirm the date.
Thank you.
Thanks!
Great video thanks
Managing k8s is a pain with deprecated APIs embedded in resource configs. If Renovate can be extended to support k8s version detection, that'll be awesome 😎.
That's the top of my wish list.
The best way to get such a feature is to open an issue, if there isn't one yet, and to upvote it ;)
Didn't know Slavoj Žižek knew Golang
Thanks for the great video. Maybe I missed it, but I want to ask a question. Does Renovate suggest changes in code blocks via PR if there is a breaking change in an update?
by default it creates PRs.
Can get a bit noisy - we were monitoring AWSCLI versions at one time and every day there was a new pull request... Otherwise a good product to move forward...
You can group PRs and add a schedule. e.g. Combine all 3rd party PRs and let them create on weekends. On Monday then you can merge.
Any thoughts on Renovate vs Dependabot, which seems more widely used, at least in the k8s space?
Adding it to my TODO list... :)
Is it good for Angular projects or Node packages? The problem I'm afraid of is that often you have to change a lot within the TypeScript code if you just update an Angular version or TS.
It's good for getting PRs with all the upgrades. Now, whether you will merge those PRs right away or later (or never), depends on your confidence in your tests.
@DevOpsToolkit I will try it one day, thanks ✌️
I have a question: will Dependabot or Renovate help us if an SCA (BlackDuck) tool finds vulnerabilities, and will they only fix those vulnerabilities identified by the SCA tool?
In a way, yes. Renovate or Dependabot will create PRs when there are new versions of something. On the other hand, a vulnerability is often fixed by upgrading.
@DevOpsToolkit I agree Dependabot addresses vulnerabilities by updating to newer versions based on GitHub's internal scan results. I'm curious about which advisory sources Renovate relies on. Additionally, I'd like to know if I can propose a custom advisory, derived from a different SCA tool, through another GitHub action?
@sumit539 as far as I know, it simply looks into repos for new releases and if it finds one that matches your rules about versions it creates a PR. As far as I know, it has no relations with advisories.
@DevOpsToolkit Thank you for your response :)
Your go.mod had go version 1.16 and docker is now using go 1.18 image 🤔
Good catch
Did I miss it or there was no "cons" section? 😆
There is a cons section but only with one item (scope).
Great, thanks for introducing the tool, seems cool