Are you working with software dependencies in constrained environments? Then this might interest you:

I’ll give a lightning talk on how we approach practical license and vulnerability management when resources are limited. As Technical Solution Lead at Alliander I deal daily with issues regarding licensing and security. I’ll talk about tooling, share key findings and insights.

Where & when to go?
Monday, March 23
13:15 CET
Amsterdam

#Ospology #DevOps #Security #OpenSource #DependencyManagement

Hey devs! 👋

I build mobile apps and got tired of manually fixing broken builds and dependencies after package updates. So I decided to build an AI agent that automatically fixes update-related errors and updates dependencies — even library upgrades.

Quick facts about the agent:
- Runs on deepseek in deepseek-chat (v3.2) mode with temperature 0.0.
- Can revive the project after errors and run automated tests.
- Won’t require confirmations for common commands (build, run, flutter pub get, etc.) to save time.
- While the agent fixes things automatically, you can do something useful or grab a coffee ☕.

Why this matters:
- I tried dozens of solutions — many crash frequently or demand confirmations even for simple commands (cd, cat, etc.). Endless "Y + Enter" kills productivity.

Want to help?
- If you want to join in improving this tool — follow me and leave feedback. I’ll share the open Git repo and welcome your suggestions and criticism.

Thanks — have a great day/evening (time zones may vary)!

#devtools #aiagent #automation #mobiledev #flutter #dependencymanagement #ci #devops #softwareengineering #productivity

Oh boy, another tool to generate and verify #lockfiles for GitHub Actions, because we all know life's too short to trust those pesky mutable tags. 🔒✨ Let's spend our precious time pinning every single action to exact commit SHAs, because who doesn't love a good game of dependency whack-a-mole? 🎯🛠️
https://gh-actions-lockfile.net #GitHubActions #dependencyManagement #automation #tools #HackerNews #ngated
gh-actions-lockfile

Generate and verify lockfiles for GitHub Actions dependencies. Pin all actions to exact commit SHAs with integrity hashes.

I am really enjoying the Pixi package manager, https://pixi.sh, made by @prefix. We have been using conda at my work for managing the dependencies of our Python application. It involves scientific data analysis so there are lots of dependencies, and it has been a challenge to keep things up to date. Pixi has nice support for cleanly defining the direct dependencies in the pixi.toml file, and then it automatically generates a lock file. There is a command to upgrade all the dependencies too. It's amazing! I'm just starting to use it, but it is helpful so far.

#conda
#packageManagement
#pixi
#dependencyManagement

"Cooldowns enforce positive behavior from supply chain security vendors: vendors are still incentivized to discover and report attacks quickly, but are not as incentivized to emit volumes of blogspam about 'critical' attacks on largely underfunded open source ecosystems."

#npm #supplychainattack #dependencymanagement

https://blog.yossarian.net/2025/11/21/We-should-all-be-using-dependency-cooldowns

We should all be using dependency cooldowns

A step-by-step guide to modernizing .NET applications with GitHub Copilot agent mode - .NET Blog

Learn how Visual Studio 2026 and GitHub Copilot app modernization upgrade .NET versions and frameworks, fix build issues, and migrate apps to Azure with less manual effort

"Working with a multi-language project (Node.js, Python, Java) is truly a nightmare when you have to find and update dependency packages!
Has anyone else run into a similar problem?
How do you currently manage multi-language dependencies? #DevTools #MultiLanguage #DependencyManagement #CôngCụPhátTriển #QuảnLýPhụThuộc"

https://www.reddit.com/r/SaaS/comments/1oq7n23/ever_spend_hours_fixing_missing_dependencies_on/

The author shares how to keep Nix "inputs" (AI, dev tools, desktop) fresh by separating them so they can be updated on different schedules. He also wrote a small script to check for available updates.

#Nix #NixOS #Programming #DevTools #DependencyManagement #LậpTrình #CôngCụPhátTriển #QuảnLýPhụThuộc

https://www.reddit.com/r/programming/comments/1o2408y/keeping_my_nix_inputs_fresh/

Keep your dependencies up to date with Renovate 🔄📦

Modern apps rely on countless frameworks & libraries. But with great libraries comes great responsibility.

At #BaselOne25, Java Champion @michaelvitz introduces Renovate – the open-source bot that keeps dependencies up to date, reduces security risks & automates dependency management.

📅 Oct 16 | Basel

🎟️ https://eventfrog.ch/BaselOne2025

📌 Program: https://baselone.org/en/baselone-home/#schedule

#BaselOne #DependencyManagement #DevTools #OpenSource

Package Managers are Evil - gingerBill