Today we're announcing fossabot, a new AI agent for making strategic dependency updates, backed by a comprehensive accuracy, consistency, and correctness framework. fossabot is able to deliver completed work just like an engineer, including researching new versions, finding app impact and adapting code if needed. This product fulfills our philosophy for automating dependency updates and our EdgeBit acquisition. fossabot is currently available as a public preview, with a focus on the JavaScript and TypeScript ecosystems.

Your dependencies are simultaneously moving too fast and too slow

For a decade, FOSSA has protected businesses from open source risk in two large categories: compliance and security. We’ve identified a new, third category of risk that is emerging: dependency churn and update stagnation. AI coding agents are churning out new repos and dependency trees faster than we can follow. At the same time, crown jewel apps can’t keep up with the fast pace of upstream development and fall further behind. Neither is good, but fossabot is here to help... as if your best engineer managed updates 24/7.

Every dependency update program is broken

The root of the problem is that every enterprise dependency update program is broken. Why? Our tools can’t make strategic updates the way our engineers can. Instead, enterprises focus on making the smallest update possible to fix an alert, only to do it again next month. No time is devoted to figuring out how to upgrade to the latest version of a package and the benefits it may bring to the app. fossabot, our dependency updating AI agent, is capable of high-complexity upgrades – the ones that require a senior engineer because they’re always an unexpected multi-hour research and coding task.

Dependabot (bot), compatibility: unknown
Bump lodash from 4.17.20 to 4.17.21

Summary by fossabot
I recommend merging this lodash update from 4.17.20 to 4.17.21.
This is a patch release that fixes several security vulnerabilities and includes performa...