Member-only story
How to Keep Your App Dependencies Up-To-Date?
What are the challenges and how to automate maintenance properly?
One aspect of software development is often overlooked: maintaining dependencies. I won’t lie, for a long time, it was the case for me and my teams.
Why spend time on maintenance?
Keeping out-of-date dependencies will not only create incompatibilities, or look uncool. It raises two huge issues: security and performance.
Remember the Equifax breach? Well, that’s a $425M settlement that could have been avoided, but how? René Gielen, vice president of Apache Struts, says:
Most breaches we become aware of are caused by failure to update software components that are known to be vulnerable for months or even years
Yes, maintaining dependencies also has a huge impact on performance. A use-case with React Native navigation is a good example. It shows how the newest version brings higher performance but also helps to improve code quality.
Challenges
There is one primary issue when it comes to upgrading dependencies: time.
You must be aware of every single dependency update and apply the necessary change. For huge applications, it’s not uncommon to have multiple updates on a single day.
Applying the necessary change means:
- Updating your configuration (package.json with NodeJS, Maven config with Java, or pip for Python, ..)
- Usually sending the upgraded configuration to a GIT repository
- If you want your application to work, you need to test your new configuration (and sometimes make changes) before adding them to your main work.
Some tools allow you to get a list of dependencies to update. NPM for example has a built-in command. Other community tools help achieve the same result, with more functionalities, like npm-check-updates.
