Modern software relies on hundreds of dependencies. This quiz practises the collocations for keeping your dependency graph secure, up to date, and reproducible.
1 / 5
Every quarter the team will ___ dependencies to find outdated or vulnerable packages.
Audit dependencies is the standard collocation — `npm audit` and similar tools audit dependencies to surface known vulnerabilities.
2 / 5
To ensure reproducible builds, we ___ versions in the lock file and never use ranges in production.
Pin versions is the correct collocation — teams pin versions to exact releases to prevent unexpected updates from breaking builds.
3 / 5
The security team gave us 48 hours to ___ the critical vulnerabilities in our supply chain.
Address vulnerabilities is the standard collocation — teams address vulnerabilities by patching, upgrading, or removing affected packages.
4 / 5
We scheduled a Friday afternoon slot to ___ packages before the next sprint starts.
Upgrade packages is the correct collocation — teams upgrade packages to benefit from bug fixes, performance improvements, and new features.
5 / 5
Dependabot is configured to open PRs whenever it ___ outdated dependencies in our repos.
Track outdated deps is the standard collocation — automated tools track outdated dependencies and surface them as alerts or pull requests.