Hi everyone!
I rarely post here but today I decided to ask the community about some tooling.
One thing that I find daunting in today's web dev ecosystem is how to keep track of dependencies and plugin versions in all layers of our apps and, say, not miss a lot of versions for one tool or the other.
For example, in the project I'm working on, we have a front-end app made with React, a Java/Spring Boot back-end, a Keycloak authentication system, and so on.
So I was asking myself: is there some kind of tool to subscribe to new versions of packages/libs, get warnings about end of life, and such?
I do know there are tools like Maven versions plugin for Java or npm packages to be run manually to get info on possible updates.
My actual question is: how do you guys regularly check for those? Do you have like a calendar reminder to launch a bunch of tools manually (my current "solution" as of today), or something else that I don't know about?
Waiting for your feedback 😊
Top comments (4)
Hi Cécile!
That's a good question and I am interested to see how other teams/devs have handled managing framework/dependency versioning through projects.
In one of my past projects (where I joined mid-development), I took it upon myself to create some documentation for tracking this.
So per technology( React, iOS, etc) , I created a simple wiki that showed all the frameworks that we had implemented in our project and the current version that anyone on the project could view and/or update.
Essentially it looked something like this (and this was in a grid):
My React Project Name
Framework Name | Framework URL | Version | last updated
Matter.js | brm.io/matter-js | 0.17.1 | May, 14th, 2021
React Router | reactrouter.com | 5.1.0 | April 3rd, 2021
....
And then periodically, team members would update it when they changed Frameworks or updated things.
Only problem with this strategy is that your team has to remember to make the updates and yes.....they will forget without reminders. So someone needs to own the success of it.
I wouldn't say it's the best strategy but it was better than nothing. Just a lot of possible human-error.
I also wonder if there is an automated tool that would do that for you.
I too wondered about writing down versions in a common documentation or something along those lines, so it's nice to see someone tried the same thing!
Thanks for your feedback. I'd say tech leads should "own" this responsibility but I can't see it working without reminders or automated tools: we are humans, after all :)
I wrote a tool for Gradle to do just that
About your "actual question": I think looking for updates once a week is reasonable
jmfayard / refreshVersions
Life is too short to google for dependencies and versions
gradle refreshVersions
Documentation is at jmfayard.github.io/refreshVersions
Thanks for your input, I'll take a look at the Gradle tool you developed!