In response to a security ticket or sprint task, engineers can use Dependency Autofix to upgrade a specific package on demand, ahead of the automatic background upgrade that would otherwise pick it up.
First, search for the package to be upgraded in your list of repositories enabled for Dependency Autofix. In this example, we're upgrading the Node.js package tar.
Upgrades can also be triggered from a Component Issue found within one of your SBOMs.
EdgeBit calculates the most suitable version to upgrade to by parsing the repository's dependency graph. By default only an analysis report is created; optionally, a Pull Request can also be opened once the analysis is complete.
Click the start button to create the Proposal and begin the analysis. The proposal will contain the upgrade to tar, if a suitable version is available, along with any transitive dependencies that must also change for that new version to resolve.
The analysis covers every dependency the proposal upgrades, not just tar, and reports how each change interacts with your application code and what risk it introduces.