Outdated Dependencies Causing Security Vulnerabilities

[Footur]

The project's dependencies are outdated and potentially exposing us to security vulnerabilities. Many of Fider's dependencies have released new versions with security patches, but we have not updated them in a while. This not only poses a security risk but also hinders our ability to leverage new features and improvements.

Proposed Solution:

Utilize the Renovate bot to automate dependency updates. Renovate is a powerful tool that can automatically detect and update outdated dependencies in this project, ensuring that we are always using the latest, most secure versions. It can also create pull requests with detailed changelogs and test the updates to ensure they do not introduce breaking changes. By implementing Renovate, we can proactively address dependency-related issues and maintain a more secure and up-to-date codebase.

[Goldenflamer]

Would be an acceptable way to keep our Fider docker images updated, by just doing apt-get update && apt-get upgrade?

I know it's not the correct way, as the service could be programmed to work with a specific dependency version. But, after trying it on my homelab, no functionalities were broken, and also de base image was updated.

Thanks!

No, this is not a valid option. You only get the OS updates with apt upgrade. But tons of Node packages would need updates too to keep the software secure.

[mattwoberts]

We've got dependabot running, does renovate offer much more than dependabot?