🤖 This post includes some LLM-derived content 🤖 As part of the work we're doing towards the upcoming Renovate 42 to improve minimumReleaseAge support, I thought it would be useful to straightforwardly identify cases where dependencies (or updates to existing dependencies) do not have release timestamps information. For instance, when we have the Renovate debug logs, I'd like to be able to take the packageFiles with updates debug log line and output: do any dependencies not have a releas...| Jamie Tanna | Software Engineer
🤖 This post includes some LLM-derived content 🤖 I'm a fan of using Renovate's config.js file format for the global self-hosting configuration. One thing that's always caught me out, compared to the repo-level configuration, is that I don't get IDE autocomplete by default. Today, I ended up sitting down to look at how to get it working - and turns out it was ~2 lines of code to add 🫣 (This is based on my experience using Neovim 0.11.4, and ts_ls 5.0.1) Because it is "just" a JavaScrip...| Jamie Tanna | Software Engineer
As part of getting ready for my new job at Mend this week, working on Renovate, I've been thinking a little bit about my workflow. One of the choices the Renovate maintainers made a couple of years ago was that Q&A/feature requests should come through the GitHub Discussions on the project, then will be "promoted" into an Issue that then will get addressed after a level of triage. I'm a big fan of this, as well as the fact that the project is using Discussion category forms to provide a struct...| Jamie Tanna | Software Engineer
How a change targeting internal GitHub repositories backfired and inadvertently made Elastic's public-facing repositories private.| Jamie Tanna | Software Engineer
I'm not particularly jq-savvy, so when I have to play with it, I find it a little difficult at times. (Yes, LLMs make the process a little less painful, as I can outsource some of the thinking to them) Although there are online tools like the JQ Playground, y'all know my thoughts on the fact that you shouldn't use online tools, so I wanted to look for alternatives. I'd started looking into Neovim plugins for it, and then found a cool Terminal User Interface (TUI) called jqp which provides a l...| Jamie Tanna | Software Engineer
When working with GitHub Actions, you may have encountered a Workflow that pins the digest of the Action being used: steps:- uses:release-drafter/release-drafter@09c613e259eb8d4e7c81c2cb00618eb5fc4575a7# v5 So how do you go about determining the digest? We definitely don't want to manually update these over time, and so instead want to outsource this to tools like Renovate and Dependabot, which understand i.e. the v5 means "keep this up-to-date with the latest v5.x release". For folks not awa...| Jamie Tanna | Software Engineer
With oapi-codegen, as many other folks in the ecosystem, we've been asked a few times in the past "can you please update this dependency as it has a CVE". I'll generally reach for govulncheck as a way to confirm the impact, given it validates - via static analysis - whether the dependency is actually called as part of your operation (sometimes known as "reachability"). Although we're still working towards defining when dependencies with CVEs will be updated, this is a step towards being able ...| Jamie Tanna | Software Engineer
Early in 2024, I hit an issue with Go not allowing me to use go:embed. (Aside: this is one of those posts that has been on the backburner and I'm finally getting around to it given I had a few minutes spare, and I want to test some new functionality in my blog-to-LinkedIn syndication.) I can't remember the full details for what I was exactly doing, but I remember having a set of files such as: % ls -al total 20 drwxr-xr-x 2 jamie jamie 4096 Sep 10 15:00 . drwx------ 3 jamie jamie 4096 Sep 10 ...| Jamie Tanna | Software Engineer
An example of how to reduce the size of a Go module's dependencies by taking advanage of Go module pruning.| Jamie Tanna | Software Engineer
Better dependency management for your tools and without needing to `go install` the tools before executing them.| Jamie Tanna | Software Engineer
Why I'm very excited about `go tool` landing in Go 1.24.| Jamie Tanna | Software Engineer
