When the software you use releases a new version, how does your organization going about upgrading— Whether it's your core framework or smaller dependencies?
How long do you typically go before you get on the latest versions?
When the software you use releases a new version, how does your organization going about upgrading— Whether it's your core framework or smaller dependencies?
How long do you typically go before you get on the latest versions?
For further actions, you may consider blocking this person and/or reporting abuse
I've turned on dependabot on my repos and it does it for me. The only thing I need to do is approve the PR. You should try it out given the fact that Forem is an open source
Yes! That bot is really useful! Also, if you have some heavy image assets on a project you can use ImgBot. 💯
You should use git-lfs (large file storage) for assets and other large files. Here's the github's git-lfs website (and here for gitlab's git-lfs).
My previous job... never? Pace of development, size of the codebase and because of where my team was in the chain meant it rarely (ok, ok, never) happened. Not for the want of trying, but other things like code coverage, performance or bug fixes always trumped upgrading dependencies.
We were also insulated because we were so far downstream from where the infrastructure was defined and where decisions were made. That had it's own challenges but for this specific topic it was probably something we thought about very little.
For other projects I've worked on, I've been lucky that migrations were very easy. I'm talking < 15 minutes to have it done so it's been a no brainer to get it done. The caveat for that is I'm thinking back to over a decade ago and the projects were nowhere near as complicated as the ones I've worked on since.
We use dependabot to create the PRs and then manually review and merge every few days/every week. Critical updates get deployed sooner.
Framework updates depends on capacity and what out maintenance stream looks like, security issues usually take priority
For the part of the project that I'm working on - every day. I've made it my morning routine: I make coffee, sit at the computer and then check for updates for 97 NPM packages in our
package.json
.I check and update
package.json
with a very convenient scriptnpm-check-updates
.So far, this approach worked great, since we never had to worry about out of date dependencies.
When you do this regularly, there is no headache afterwards ;)
In my organization, the answer varies from project to project. Some of the projects haven't had a dependency update since last 2 years and they are still in active development.
Some projects update their dependencies on hourly basis i.e. as soon as it's released. This is possible because these projects have a
bleeding-edge
branch which runs CI jobs with latest versions of all dependencies.It depends on lots of factors: user base, potential for disruption, etc. but in general, I am aggressive about upgrading, preferring to move sooner than later.
Always the intention, but in the past few years it's never been a reality for me! Looking to adopt this approach as soon as I can with the new teams I'm working with though!
We have a renovate bot to do that for us... unless something breaks, like for example enzyme compatibility with react 17 (we still have some old components using it for testing, but we'll be removing both them and enzyme at some point, but currently it's a blocker). So the longest should be probably 1-2 months.
Most things are Spring Boot and use a regurly updated internal parent. We try to keep soms additional libraries up to date.
We have some vulnerability checks that might lead to updates for infra parts. Then there are a few infra depencies like terraform we are hassistent to update because they often give problems.
I don't understand the question. 😂
For active projects, we tend to evaluate package updates at the beginning of a new sprint.
For inactive projects, very rarely. :(
We have some old projects in Django 1.4.
But it's getting better and better, we update our most recent project monthly (django 2.2 & django 3).
Usually never unless someone is passionate about it. I watch this video and I lament that reaching this nirvana is unlikely. youtube.com/watch?v=j6ow-UemzBc
Update depends on the features. I tend to update everything frequently. For bigger teams this is a bigger task with a certain sprintgoal.. Coming with the update.. Testing.. And deploying..
At my most recent client engagement, I would check every couple weeks. As the Lead Developer, I would have the development team update the dependencies the next time the code was opened up for change.
We don't have a process, but I tend to do most of the dependencies/framework updates (I dislike being too many versions down from the newest build). Usually, I do this every couple of months.
We've found a sweet spot in monthly updates for mid-sized, frontend projects.
I wrote a small post about it last week: dev.to/omaiboroda/try-to-update-yo...
Dependabot review and merge daily. We then make new releases of our open-source SDKs and tools as needed, not daily, unless it's a major vulnerability issue then it'll get a release cut asap.
We do that rarely, I mean until and unless there's no major bug or feature update that we need.