DiscoverOpen Source SecurityUpdating open source dependencies with Jamie Tanna
Updating open source dependencies with Jamie Tanna

Updating open source dependencies with Jamie Tanna

Update: 2025-12-08
Share

Description

Josh discusses updating open source dependencies with Jamie Tanna. Jamie works on Renovate which gives them a lot of insight into the challenges of keeping your open source updated. We discuss the challenges of semantic versioning, supply chain security, and AI-generated code. If you're new or old to the world of open source dependencies, there's something to learn from this chat.

The show notes and blog post for this episode can be found at
https://opensourcesecurity.io/2025/2025-12-renovate-jamie

Comments 
In Channel
Updating open source dependencies with Jamie Tanna

Updating open source dependencies with Jamie Tanna

2025-12-0829:31

TARmageddon with Alex Zenla

TARmageddon with Alex Zenla

2025-12-0142:39

Python Security with Seth Larson

Python Security with Seth Larson

2025-11-2431:44

Linux Vendor Firmware Service with Richard Hughes

Linux Vendor Firmware Service with Richard Hughes

2025-11-1735:46

NPM supply chain attacks with Charlie Eriksen

NPM supply chain attacks with Charlie Eriksen

2025-11-0934:31

Detecting XZ in Debian with Otto Kekäläinen

Detecting XZ in Debian with Otto Kekäläinen

2025-11-0231:48

Eclipse Foundation SBOMs with Mikael Barbero

Eclipse Foundation SBOMs with Mikael Barbero

2025-10-2031:15

Actually finding vulnerabilities using AI with Joshua Rogers

Actually finding vulnerabilities using AI with Joshua Rogers

2025-10-1331:35

Sustaining Package Repositories with Brian Fox

Sustaining Package Repositories with Brian Fox

2025-10-0642:20

Arch Linux Security with Foxboron and Anthraxx

Arch Linux Security with Foxboron and Anthraxx

2025-09-2938:08

OpenSSL with Hana Andersen and Anton Arapov

OpenSSL with Hana Andersen and Anton Arapov

2025-09-2228:48

The Python Software Foundation with Deb Nicholson

The Python Software Foundation with Deb Nicholson

2025-09-1537:48

Using Mercator to map assets with Didier Barzin

Using Mercator to map assets with Didier Barzin

2025-09-0825:48

Talos Linux security with Andrey Smirnov

Talos Linux security with Andrey Smirnov

2025-09-0138:04

Discussing the Open Source, Open Threats? paper with Behzad and Ali

Discussing the Open Source, Open Threats? paper with Behzad and Ali

2025-08-2534:59

crates.io trusted publishing with Tobias Bieniek

crates.io trusted publishing with Tobias Bieniek

2025-08-1825:39

CVE update with Patrick Garrity

CVE update with Patrick Garrity

2025-08-1132:25

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

GCVE with Cédric Bonhomme and Alexandre Dulaunoy

2025-08-0431:38

EU Regulations will change everything with Daniel Thompson

EU Regulations will change everything with Daniel Thompson

2025-07-2831:57

Open source microprocessors with Jan Pleskac

Open source microprocessors with Jan Pleskac

2025-07-2130:51

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Updating open source dependencies with Jamie Tanna

Updating open source dependencies with Jamie Tanna