DEV Community

Cécile Fécherolle
Cécile Fécherolle

Posted on

What are your tools for keeping dependencies and plugins versions up-to-date?

Hi everyone!

I rarely post here but today I decided to ask the community about some tooling.

One thing that I find daunting in today's web dev ecosystem is how to keep track of dependencies and plugin versions in all layers of our apps and, say, not miss a lot of versions for one tool or the other.

For example, in the project I'm working on, we have a front-end app made with React, a Java/Spring Boot back-end, a Keycloak authentication system, and so on.

So I was asking myself: is there some kind of tool to subscribe to new versions of packages/libs, get warnings about end of life, and such?

I do know there are tools like Maven versions plugin for Java or npm packages to be run manually to get info on possible updates.

My actual question is: how do you guys regularly check for those? Do you have like a calendar reminder to launch a bunch of tools manually (my current "solution" as of today), or something else that I don't know about?

Waiting for your feedback 😊

Top comments (4)

bradstondev profile image
Bradston Henry

Hi Cécile!

That's a good question and I am interested to see how other teams/devs have handled managing framework/dependency versioning through projects.

In one of my past projects (where I joined mid-development), I took it upon myself to create some documentation for tracking this.

So per technology( React, iOS, etc) , I created a simple wiki that showed all the frameworks that we had implemented in our project and the current version that anyone on the project could view and/or update.

Essentially it looked something like this (and this was in a grid):

My React Project Name

Framework Name | Framework URL | Version | last updated

Matter.js | | 0.17.1 | May, 14th, 2021

React Router | | 5.1.0 | April 3rd, 2021

And then periodically, team members would update it when they changed Frameworks or updated things.

Only problem with this strategy is that your team has to remember to make the updates and yes.....they will forget without reminders. So someone needs to own the success of it.

I wouldn't say it's the best strategy but it was better than nothing. Just a lot of possible human-error.

I also wonder if there is an automated tool that would do that for you.

cfecherolle profile image
Cécile Fécherolle

I too wondered about writing down versions in a common documentation or something along those lines, so it's nice to see someone tried the same thing!

Thanks for your feedback. I'd say tech leads should "own" this responsibility but I can't see it working without reminders or automated tools: we are humans, after all :)

jmfayard profile image
Jean-Michel Fayard 🇫🇷🇩🇪🇬🇧🇪🇸🇨🇴 • Edited

I wrote a tool for Gradle to do just that

About your "actual question": I think looking for updates once a week is reasonable

GitHub logo jmfayard / refreshVersions

Life is too short to google for dependencies and versions

cfecherolle profile image
Cécile Fécherolle

Thanks for your input, I'll take a look at the Gradle tool you developed!

An Animated Guide to Node.js Event Loop

>> Check out this classic DEV post <<