When the software you use releases a new version, how does your organization going about upgrading— Whether it's your core framework or smaller dependencies?
How long do you typically go before you get on the latest versions?
For further actions, you may consider blocking this person and/or reporting abuse
Oldest comments (21)
It depends on lots of factors: user base, potential for disruption, etc. but in general, I am aggressive about upgrading, preferring to move sooner than later.
Always the intention, but in the past few years it's never been a reality for me! Looking to adopt this approach as soon as I can with the new teams I'm working with though!
My previous job... never? Pace of development, size of the codebase and because of where my team was in the chain meant it rarely (ok, ok, never) happened. Not for the want of trying, but other things like code coverage, performance or bug fixes always trumped upgrading dependencies.
We were also insulated because we were so far downstream from where the infrastructure was defined and where decisions were made. That had it's own challenges but for this specific topic it was probably something we thought about very little.
For other projects I've worked on, I've been lucky that migrations were very easy. I'm talking < 15 minutes to have it done so it's been a no brainer to get it done. The caveat for that is I'm thinking back to over a decade ago and the projects were nowhere near as complicated as the ones I've worked on since.
For active projects, we tend to evaluate package updates at the beginning of a new sprint.
For inactive projects, very rarely. :(
Update depends on the features. I tend to update everything frequently. For bigger teams this is a bigger task with a certain sprintgoal.. Coming with the update.. Testing.. And deploying..
I've turned on dependabot on my repos and it does it for me. The only thing I need to do is approve the PR. You should try it out given the fact that Forem is an open source
Yes! That bot is really useful! Also, if you have some heavy image assets on a project you can use ImgBot. 💯
You should use git-lfs (large file storage) for assets and other large files. Here's the github's git-lfs website (and here for gitlab's git-lfs).
We have some old projects in Django 1.4.
But it's getting better and better, we update our most recent project monthly (django 2.2 & django 3).
We use dependabot to create the PRs and then manually review and merge every few days/every week. Critical updates get deployed sooner.
Framework updates depends on capacity and what out maintenance stream looks like, security issues usually take priority
Most things are Spring Boot and use a regurly updated internal parent. We try to keep soms additional libraries up to date.
We have some vulnerability checks that might lead to updates for infra parts. Then there are a few infra depencies like terraform we are hassistent to update because they often give problems.
We have a renovate bot to do that for us... unless something breaks, like for example enzyme compatibility with react 17 (we still have some old components using it for testing, but we'll be removing both them and enzyme at some point, but currently it's a blocker). So the longest should be probably 1-2 months.
Dependabot review and merge daily. We then make new releases of our open-source SDKs and tools as needed, not daily, unless it's a major vulnerability issue then it'll get a release cut asap.