Dependabot for bugs/regressions?

Are there services/tools that report any known bugs/regressions in dependency versions you’re using?

I know that there are several services/tools out there for scanning your dependencies for known security vulnerabilities.

Please excuse me if I completely missed it when googling.

2 Likes

Not sure if that helps, but this is what Claude gave me in answer to your question:

  • Dependabot - Not just security, but also tracks breaking changes and bugs in dependencies
  • Snyk - While known for security, it also monitors for stability issues and bugs
  • In the Node.js world, npm audit gives heads up about known issues
  • Renovate Bot - Helps track dependency updates and known issues
2 Likes

I might have missed that! The dependabot documentation only touches on security vulnerabilities (again maybe I missed that :sweat_smile:).

Has anyone used these tools to identify non-security vulnerabilities? Used them to identify functionality regressions/bugs?

1 Like

To identify bugs in dependencies? I’m not sure that exists.
While implementing, they should write unit tests, and those can be tested using Mutation Testing.

To identify bugs in dependencies? I’m not sure that exists.

Exactly this

While implementing, they should write unit tests, and those can be tested using Mutation Testing.

Mutation testing is great, and your dependencies should be using it to “test their tests”, but there’s no way as a dependency consumer to know or control that. Even worse when you add in transient dependencies.

I think the problem is security vulnerabilities are tracked in centralized sources but bugs/issues are a part of whatever repository/issue tracking software each dependency uses.

It feels like this would be killer, whoever implements this.