You use Azure Pipelines to manage build pipelines. GitHub to store source code, and Dependabot to manage dependencies.
You have an app named App1.
Dependabot detects a dependency in App1 that requires an update.
What should you do first to apply the update?
DependaBot is a useful tool to regularly check for dependency updates. By helping to keep your project up to date, DependaBot can reduce technical debt and immediately apply security vulnerabilities when patches are released. How does DependaBot work?
DependaBot regularly checks dependencies for updates
If an update is found, DependaBot creates a new branch with this upgrade and Pull Request for approval
You review the new Pull Request, ensure the tests passed, review the code, and decide if you can merge the change
https://samlearnsazure.blog/2019/12/20/github-using-dependabot/
Currently there are no comments in this discussion, be the first to comment!