Outdated Dependencies Causing Security Vulnerabilities #1145
Comments
No, this is not a valid option. You only get the OS updates with apt upgrade. But tons of Node packages would need updates too to keep the software secure. |
|
We've got dependabot running, does renovate offer much more than dependabot? |
Yes, it can update Dockerfiles and Helm Charts either. |
|
Hi @mattwoberts , I want to use Fider at our company, but there are a lot of vulnerabilities caused by outdated dependencies. I noticed that many were fixed by commits 168b66e and 934ee5e, but there are still several remaining. I think it's because docker image... How about update Debian from "Bullseye" to "Bookworm"? Below, I’ve included a report generated today: |
|
@kimtiago You're right, the docker image is well due for an update, feel free to PR, otherwise I can take a look soon-ish |
The project's dependencies are outdated and potentially exposing us to security vulnerabilities. Many of Fider's dependencies have released new versions with security patches, but we have not updated them in a while. This not only poses a security risk but also hinders our ability to leverage new features and improvements.
Proposed Solution:
Utilize the Renovate bot to automate dependency updates. Renovate is a powerful tool that can automatically detect and update outdated dependencies in this project, ensuring that we are always using the latest, most secure versions. It can also create pull requests with detailed changelogs and test the updates to ensure they do not introduce breaking changes. By implementing Renovate, we can proactively address dependency-related issues and maintain a more secure and up-to-date codebase.
The text was updated successfully, but these errors were encountered: