Querying your organisation's Renovate configuration using SQL(ite) (3 mins read).
A new tool, renovate-config-sqlite
to pull Renovate configuration into an SQLite database.
Querying your organisation's Renovate configuration using SQL(ite) (3 mins read).
A new tool, renovate-config-sqlite
to pull Renovate configuration into an SQLite database.
Why I recommend Renovate over any other dependency update tools (10 mins read).
Explaining why Renovate is going to be my solution to keeping up-to-date with dependencies and it's not likely to change any time soon.
Week Notes 24#14 (4 mins read).
What happened in the week of 2024-04-01?
Week Notes 24#13 (4 mins read).
What happened in the week of 2024-03-25?
What can we learn about the backdooring of xz
/liblzma
, using OpenSSF Security Scorecards and dependency-management-data? (6 mins read).
Looking at how the recent CVE-2024-3094 vulnerability could provide insight into other cases of risk in dependencies and their lack of code review.
Week Notes 24#12 (4 mins read).
What happened in the week of 2024-03-18?
Week Notes 24#11 (5 mins read).
What happened in the week of 2024-03-11?
Week Notes 24#10 (3 mins read).
What happened in the week of 2024-03-04?
What routes is my http.ServeMux
listening for? (2 mins read).
How to fairly quickly list the routes that your http.ServeMux
is handling, pre- and post-Go 1.22.
Why is Go 1.22's enhanced routing not working for me? (2 mins read).
Why you may be receiving 404 page not found
errors when using Go's new enhanced routing in Go 1.22.
Week Notes 24#09 (7 mins read).
What happened in the week of 2024-02-26?
Job titles are bullshit (6 mins read).
When is a Senior Engineer not a Senior Engineer, no standardisation across the industry, and other reasons job titles are frustrating.
Week Notes 24#08 (4 mins read).
What happened in the week of 2024-02-19?
Week Notes 24#07 (4 mins read).
What happened in the week of 2024-02-12?
I'm on Changelog and Friends! (2 mins read).
Announcing my first podcast appearance on Changelog and Friends, talking about salary history, the IndieWeb, ADHD and dependency-management-data, among other things.
You should listen to The Changelog (5 mins read).
Why you should really be adding The Changelog (and its network of podcasts) to your rotation of tech podcasts.
Gotcha: Don't try and authenticate to URLs generated by GitHub Actions Artifacts v4 (3 mins read).
Why you may be receiving errors when trying to authenticate to download GitHub Actions Artifacts using the v4 Actions.
Week Notes 24#06 (4 mins read).
What happened in the week of 2024-02-05?
Quantifying your reliance on Open Source software (State of Open Con version) (20 mins read).
A writeup of my talk about the dependency-management-data project at the State of Open Con 2024 conference.
Week Notes 24#05 (3 mins read).
What happened in the week of 2024-01-29?
Celebrating dependency-management-data's first birthday (6 mins read).
Reflecting on the last year of the project.
Week Notes 24#04 (4 mins read).
What happened in the week of 2024-01-22?
Introducing insight into your dependencies' health in dependency-management-data (2 mins read).
How you can use the new dependency health functionality to better understand your dependencies.
dependency-management-data now has a logo! (1 mins read).
Very excited to note that the project now has a logo.
Why am I getting Too many arguments
with vault
? (1 mins read).
Why you may be getting Too many arguments
from the vault
CLI, and how to fix it.
Week Notes 24#03 (4 mins read).
What happened in the week of 2024-01-15?
Using renovate-to-sbom
with the GitHub Dependency Submission API (4 mins read).
How to improve the data in GitHub's Dependency Graph by using an SBOM produced by Renovate data.
Comparing the different Merge Request / Pull Request merge methods in GitLab and GitHub (2 mins read).
How the different merge methods for contributions work between GitLab and GitHub.
How to unpublish/redact/undo/retract a Go release (3 mins read).
How to retract a release version of a Go version, without risking folks automagically upgrade to that version.
Week Notes 24#02 (5 mins read).
What happened in the week of 2024-01-08?
How do you represent a JSON field in Go that could be absent, null
or have a value? (5 mins read).
Why it's surprisingly hard to work out a field has been sent or whether it's explicitly null, when using Go's encoding/json
.
Week Notes 24#01 (2 mins read).
What happened in the week of 2024-01-01?
Why is set -eu
not working? (2 mins read).
Why you may be finding set -u
in a shell script not exiting when set -e
is also present.
2023's Music In Review (4 mins read).
What music was I listening to in 2023?
2023's Site In Review (2 mins read).
How did my site perform in 2023?
Week Notes 23#52 (2 mins read).
What happened in the week of 2023-12-25?
Week Notes 23#51 (2 mins read).
What happened in the week of 2023-12-18?
Week Notes 23#50 (3 mins read).
What happened in the week of 2023-12-11?
Week Notes 23#49 (3 mins read).
What happened in the week of 2023-12-04?
You can now interact with dependency-management-data using GraphQL (2 mins read).
Announcing the release of the GraphQL API for dependency-management-data.
Week Notes 23#48 (4 mins read).
What happened in the week of 2023-11-27?
Week Notes 23#47 (2 mins read).
What happened in the week of 2023-11-20?
You can now use Open Policy Agent with dependency-management-data (2 mins read).
How to use Open Policy Agent to perform much more effective flagging of package compliance with dependency-management-data.
Week Notes 23#46 (4 mins read).
What happened in the week of 2023-11-13?
Week Notes 23#45 (5 mins read).
What happened in the week of 2023-11-06?
Introducing snyk-export-sbom
to export SPDX and CycloneDX SBOM from Snyk (2 mins read).
Creating a new command-line tool for more easily retrieving Software Bill of Materials (SBOMs) from Snyk, as well as adding licensing information to SBOMs.
Week Notes 23#44 (3 mins read).
What happened in the week of 2023-10-30?
Using dependency-management-data with npm's SPDX and CycloneDX SBOM export functionality (1 mins read).
How to get started with npm's SBOM export functionality with dependency-management-data.
Introducing renovate-to-sbom
to convert Renovate data to Software Bill of Materials (SBOMs) (1 mins read).
Creating a new command-line tool for converting Renovate data exports to Software Bill of Materials (SBOMs).
dependency-management-data now supports OSS Review Toolkit (ORT) (1 mins read).
How to use data from OSS Review Toolkit (ORT) with dependency-management-data.