It is a major effort, often unfortunately ignored, keeping the dependencies in an open source project up to date. This was highlighted in Jesse Houwing’s post on the state of the Azure DevOps Marketplace.

Since reading this I have made much more of an effort to keep my Azure DevOps Extensions up to date. Dependabot generated PRs have been a great help in this regard. Creating PRs for vulnerabilities and out of date dependencies.

However, no level of AI can protect you from stupidity. Recently, as part of addressing a vulnerability via a refactoring to change testing framework, I wasted far too long trying to work out why all my test passed in my Codespace, but failed in the CI build. I had forgotten to commit the jest.config.js file as my .gitignorewas set to ignore all .JS files as I was working in TypeScript.

Very frustration, but a good reminder to always check the files you are committing are the ones you expect.