For anyone wanting this functionality directly in the editor and is working with npm / vs code i've found this extension to be great <a href="https://marketplace.visualstudio.com/items?itemName=pflannery.vscode-versionlens" rel="nofollow">https://marketplace.visualstudio.com/items?itemName=pflanner...</a><p>( no affiliation just a happy user )
recent (4 days ago) discussion of the aquisition: <a href="https://news.ycombinator.com/item?id=19989631" rel="nofollow">https://news.ycombinator.com/item?id=19989631</a>
Excellent marketing! I checked out the author's product, Statusgator, and signed up for a $30/mo plan. It aggregates statuspages of all the vendors we use, and pings our slack channel. Super useful!
<a href="https://renovatebot.com/" rel="nofollow">https://renovatebot.com/</a> is open source and supports more dependency management systems
> "Microsoft, the richest public company in the world"<p>Not even the top 15 [1], they are 16th.<p>[1] <a href="https://www.forbes.com/global2000" rel="nofollow">https://www.forbes.com/global2000</a>
I don’t understand why we need these tools when we use semver? The semver range should be flexible enough to handle the nonbreaking changes. You definitely don’t want a bot updating breaking changes of dependencies automatically, unless you like breaking things. That’s the kind of thing that should require manual intervention for.
<i>Setup and installation is simple: a quick sign up with GitHub OAuth was all that was required, along with a grant to read and write code in our repositories.</i><p>Why does it need permissions to read and write code? If it's a public repository, anyone can read. It shouldn't be modifying code. At best it should be submitting patch requests.<p>Giving Microsoft write permission on open source code is dangerous. They might decide that they need to inject "telemetry". As they've done to non-Microsoft applications on Windows.