CASE 164 · MORTAR · 2024
Dependency upgrades that just appear, ready to merge.
A B2B SaaS company had 90 repos with dependencies that drifted out of date monotonically. The annual "we need to upgrade everything" project was a known horror. We rolled out Renovate with sensible defaults and let upgrades flow continuously.
B2B SaaS
PLATFORM
2024
RESULTS
What changed, by the numbers.
OUTDATED DEPS (MEDIAN AGE): < 14d
AUTO-MERGED UPGRADES: 78%
SECURITY-PATCH LAG: < 24h
ANNUAL UPGRADE PROJECT: GONE
HOW IT WENT
Dependabot had been turned on, but the PRs piled up because nobody merged them — each had to be reviewed individually, and there were always too many. The team had bigger fires. The annual catch-up project, when it finally happened, took three engineer-months and surfaced bugs nobody had time to fix.
We configured Renovate to group patch and minor updates by ecosystem, to auto-merge on passing CI (which the team trusted because of the pre-commit hooks and high-coverage test suite), and to surface major updates separately for human review. Slack notifications were batched into a weekly digest.
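A renovate.json along the lines described above, as an added example rather than the configuration used in this engagement. The managers (npm, gomod) and the group names are assumptions. Renovate only auto-merges a branch once its status checks pass, so the CI gate needs no extra setting.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "description": "Added example: managers and group names are assumptions, not the client's configuration",
  "extends": ["config:recommended"],
  "packageRules": [
    {
      "description": "npm: one grouped PR for patch and minor updates, merged automatically when CI is green",
      "matchManagers": ["npm"],
      "matchUpdateTypes": ["minor", "patch"],
      "groupName": "npm non-major",
      "automerge": true
    },
    {
      "description": "Go modules: same policy, kept in a separate group so a failure in one ecosystem does not block the other",
      "matchManagers": ["gomod"],
      "matchUpdateTypes": ["minor", "patch"],
      "groupName": "gomod non-major",
      "automerge": true
    },
    {
      "description": "Major updates: listed last so it overrides the rules above; never auto-merged, left for human review",
      "matchUpdateTypes": ["major"],
      "automerge": false
    }
  ]
}
```

Auto-merge on green CI is only as safe as the checks behind it, so the branch protection on each repo should make those checks required rather than optional.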
Median outdated-dependency age dropped from 18 months to under 14 days. 78% of upgrades auto-merge without human review. Security-patch lag from advisory to deployed-everywhere is under 24 hours. The annual upgrade project is no longer on the roadmap.