Announcing Dependency Deprecation Warnings

Managing software dependencies is a critical aspect of modern application development. As projects grow and evolve, keeping track of the health and status of each dependency becomes increasingly complex. Recognizing this challenge, Mend.io has introduced a new feature in Mend Renovate: Dependency Deprecation Warnings. This enhancement aims to proactively alert developers when their projects rely on deprecated packages, enabling timely interventions to maintain code quality and security.

Understanding Dependency Deprecation

In the realm of software development, a dependency is considered deprecated when its maintainers have decided to discontinue its support or recommend against its use. This often occurs when a package is superseded by a better alternative, contains unresolved issues, or is no longer aligned with current best practices. Continuing to use deprecated dependencies can expose applications to security vulnerabilities, compatibility issues, and maintenance challenges.

Mend Renovate’s Approach to Deprecation Warnings

With the new feature, Mend Renovate automatically detects deprecated dependencies in your project and raises warning issues. Specifically, when the version tagged as “latest” on the npm registry has its deprecated field set, Mend Renovate will generate a warning. These warnings typically include messages suggesting alternative packages or versions to use.

This proactive approach ensures that developers are immediately informed about deprecated dependencies, allowing them to assess and address potential risks promptly. It’s important to note that if a deprecated dependency is not resolved, either by renaming or removing the package, Mend Renovate will continue to raise replacement issues in subsequent runs.

Customizing Deprecation Warnings

Understanding that development teams have varying needs, Mend Renovate offers customization options for handling deprecation warnings:

  • Ignoring Specific Dependencies: If there’s a particular deprecated dependency you wish to continue using, you can add it to the ignoreDeps array in your configuration. For example:

        {
          "ignoreDeps": ["coffee-script"]
        }

  • Disabling Deprecation Warnings: To disable deprecation warnings entirely, set the raiseDeprecationWarnings option to false in your configuration.

These customization options provide flexibility, allowing teams to tailor Mend Renovate’s behavior to their specific project requirements.
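
The detection rule and the two options described above, as an added example (not Renovate's own code): it reads npm registry metadata from constructed sample objects, warns only when the version behind the "latest" dist-tag carries a non-empty deprecated string, and honours ignoreDeps and raiseDeprecationWarnings. The function names and the sample package data are assumptions made for illustration.

```javascript
// Constructed sample registry metadata (packuments); not real registry data.
const packuments = {
  "coffee-script": {
    "dist-tags": { latest: "1.12.7" },
    versions: {
      "1.12.7": { deprecated: "Package renamed (constructed message)" },
    },
  },
  "old-line-only": {
    // Only an old version is deprecated; "latest" is healthy, so no warning.
    "dist-tags": { latest: "2.0.0" },
    versions: {
      "1.0.0": { deprecated: "1.x is unsupported (constructed message)" },
      "2.0.0": {},
    },
  },
  "withdrawn": {
    // `npm deprecate` with an empty message withdraws a deprecation,
    // so an empty string is treated as "not deprecated".
    "dist-tags": { latest: "3.1.0" },
    versions: { "3.1.0": { deprecated: "" } },
  },
};

// Hypothetical helper: deprecation message of the "latest" version, or null.
function latestDeprecation(packument) {
  const latest = packument?.["dist-tags"]?.latest;
  const msg = latest ? packument.versions?.[latest]?.deprecated : undefined;
  return typeof msg === "string" && msg.trim() !== "" ? msg : null;
}

// Hypothetical helper: applies the two options named on this page.
// Assumption: an ignoreDeps entry is modelled as skipping the dependency.
function deprecationWarnings(depNames, config, registry) {
  if (config.raiseDeprecationWarnings === false) return [];
  const ignored = new Set(config.ignoreDeps ?? []);
  const warnings = [];
  for (const name of depNames) {
    if (ignored.has(name)) continue;
    const message = latestDeprecation(registry[name] ?? {});
    if (message) warnings.push({ name, message });
  }
  return warnings;
}

const deps = Object.keys(packuments);
console.log(deprecationWarnings(deps, {}, packuments));
```
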

The Importance of Addressing Deprecated Dependencies

Continuing to use deprecated dependencies can have several adverse effects:

  • Security Vulnerabilities: Deprecated packages may no longer receive security updates, leaving applications exposed to known vulnerabilities.
  • Compatibility Issues: As the broader ecosystem evolves, deprecated dependencies may become incompatible with other packages or newer versions of the language/runtime.
  • Maintenance Challenges: Relying on outdated packages can complicate future development efforts, as finding support or documentation becomes increasingly difficult.

By proactively identifying and addressing deprecated dependencies, development teams can mitigate these risks and ensure the long-term health and stability of their applications.

Integrating with Mend Remediate

For organizations seeking a comprehensive solution to manage and remediate vulnerabilities, Mend Remediate offers seamless integration with Mend Renovate. Mend Remediate automatically opens fix pull requests for vulnerable open-source components, upgrading them to the lowest non-vulnerable version. This integration provides additional capabilities for project dependency health, including real-time monitoring and custom workflow rules.

For more details on Mend Remediate and its integration with Mend Renovate, refer to the official documentation.

Proactive Dependency Management

The introduction of Dependency Deprecation Warnings in Mend Renovate marks a significant step forward in proactive dependency management. By alerting developers to deprecated packages, this feature empowers teams to make informed decisions, maintain code quality, and enhance application security.

To learn more about Mend Renovate and explore its features, visit the Mend Renovate page.
