Question
I want some of my dependencies to be up to date, and I want to make sure that whenever there is a new version of my dependencies, my project uses the latest version of those dependencies. I want to run a job in my Continuous Integration pipeline to update my dependencies and run all the tests in my project to make sure nothing bad happened during the update. It can help us overcome security vulnerabilities sooner and make changes to my project continuously.
Answer 1:
Fortunately, after a lot of searching and spending lots of time, I found a very useful open source tool, and I want to share it here for anyone else looking for a solution. There is a tool called Renovate. It is language independent and works with all package managers like Maven, npm, pip, and any other package manager. It is already used in GitHub and GitLab, and it can also be used in self-hosted GitLab.
How it works:
It checks your project for dependency updates, and if there is an update available for any of your dependencies, it creates a new merge request for you (with those updates). You can set your pipeline to run on merge requests and make sure everything is OK after the update.
There are different ways of installing it: you can use the Renovate CLI, and there is also a Docker image available.
Here is the link: https://resources.whitesourcesoftware.com/blog-whitesource/welcome-to-whitesource-renovate
And here is the GitLab project link: https://github.com/renovatebot/renovate
And there is a great doc for this project: https://docs.renovatebot.com/
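
The flow described in the answer above, sketched as a GitLab CI configuration. This is an added example, not part of the original answer or of the Renovate project. The test command `./run-tests.sh`, the stage names and the pipeline schedule are assumptions, and `RENOVATE_TOKEN` is assumed to be defined in the project's CI/CD settings as a masked, protected variable holding an access token for a dedicated bot account.

```yaml
# .gitlab-ci.yml (added example; placeholders are marked as such)
stages:
  - test
  - renovate

# Runs on every merge request, including the ones Renovate opens,
# so a dependency bump is only merged after the test suite passes.
test:
  stage: test
  script:
    - ./run-tests.sh            # placeholder for the project's real test command
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"

# Runs only from a pipeline schedule (CI/CD > Schedules), never on merge
# requests, so code in a merge request branch cannot read the bot token.
renovate:
  stage: renovate
  # Pin this to a tag or digest you have reviewed instead of "latest".
  image: renovate/renovate:latest
  variables:
    RENOVATE_PLATFORM: gitlab
    RENOVATE_ENDPOINT: $CI_API_V4_URL   # predefined GitLab CI variable
    LOG_LEVEL: info
    # RENOVATE_TOKEN is NOT set here: define it as a masked, protected
    # CI/CD variable so it never appears in the repository or job logs.
  script:
    # Check this project only; Renovate opens one merge request per update.
    - renovate "$CI_PROJECT_PATH"
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule"
```

Give the bot account only the access it needs to push branches and open merge requests on this project, and keep merging a manual step or gate it on the `test` job.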
Source: https://stackoverflow.com/questions/62261208/what-is-the-best-way-to-authomatically-update-project-dependecnies