https://vo.rs/tags/dependencies/Dependencies - Tag - vo.rsHugo -- gohugo.ioenThis work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.Sat, 07 Feb 2026 10:00:00 +0000https://vo.rs/story/renovate-bot-automated-dependency-updates-that-dont-break-everything/<p>I have a confession that every honest engineer shares: I do not update my dependencies often enough. Things work, the backlog is long, and the moment you bump one library you discover three transitive ones that hate you now. So packages rot, CVEs accumulate, and then one terrible Tuesday you attempt a major upgrade across two years of drift and lose an afternoon to it. Renovate exists to stop that slow-motion disaster by turning one enormous painful upgrade into a steady stream of tiny, reviewable ones.</p>Sat, 07 Feb 2026 10:00:00 +0000https://vo.rs/story/sbom-software-bill-of-materials-and-why-you-should-care-about-your-dependencies/<p>Every time a serious supply-chain vulnerability lands, the same scramble begins. Someone in a chat channel asks &ldquo;are we affected?&rdquo; and the honest answer, for most teams, is &ldquo;give us a few days and we&rsquo;ll tell you.&rdquo; That few days is the gap an SBOM is meant to close. A Software Bill of Materials is just an inventory — a machine-readable list of every component that went into a build — but having one ready before the panic is the difference between an afternoon and a fortnight.</p>Fri, 21 Nov 2025 07:00:00 +0000