Seeking Input on Using Dependabot for Code Security and Kentico Compatibility

David Pearson asked on July 3, 2023 14:35

Has anyone here utilized Dependabot? Our organization is considering implementing Dependabot to ensure code security by addressing vulnerabilities. For instance, we have a Kentico 12 site that requires updates such as Microsoft.Data.OData from version 5.6.4 to 5.8.41 and Newtonsoft.Json to version 13.0.2.

I'm curious if Dependabot updates might cause any complications with Kentico. Additionally, I would appreciate recommendations on best practices for using Dependabot.

Recent Answers

Not Applicable answered on July 7, 2023 10:33 (last edited on July 7, 2023 10:33)

For the CMS project, it’s better to use the package versions that Kentico provides. Later versions can potentially break something without further code changes. Often a package upgrade to a later non-major version works well, but you take a risk. For Kentico 13, they recently upgraded some outdated packages with 13.0.110.

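One way to apply the advice in the answer above (keep the packages Kentico ships at Kentico's own versions, and let Dependabot handle everything else conservatively) is a repository-level Dependabot configuration that excludes those packages and holds major bumps back for manual review. This is an added example, not configuration from the thread or from Kentico; the `directory`, the labels and the `Kentico.*` name pattern are assumptions to adapt to your solution:

```yaml
# .github/dependabot.yml
# Added example: paths, labels and the package name pattern below are
# assumptions, not values taken from the original post.
version: 2
updates:
  - package-ecosystem: "nuget"
    directory: "/"              # folder containing the .sln/.csproj (assumed)
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
    labels:
      - "dependencies"
      - "needs-kentico-regression-test"   # assumed label used to gate merges
    ignore:
      # Packages delivered with the CMS are upgraded only via Kentico
      # hotfixes/refreshes, never by Dependabot.
      - dependency-name: "Kentico.*"      # assumed pattern for CMS packages
      # For every other package, accept minor/patch updates automatically
      # but leave major version bumps to a human reviewer.
      - dependency-name: "*"
        update-types: ["version-update:semver-major"]
```

Two caveats worth knowing: `ignore` rules apply to Dependabot's security-update pull requests as well as to routine version updates, so a fix that only ships in a new major version (or in an ignored Kentico package) will still be reported as an alert but will not arrive as an automatic PR; and an ignored package is not a patched package, so the alerts for `Kentico.*` still need to be tracked against Kentico's hotfix schedule. The label is a convenient hook for a branch-protection rule that blocks merging until the site has been exercised against the updated package.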

David Pearson answered on July 7, 2023 14:18

To the best of my recollection, I recall a situation in the past where an individual updated a library to fulfill a specific requirement, resulting in Kentico malfunctioning. Perhaps it would be helpful if Kentico could provide us with some recommended guidelines or best practices on this matter.

