The latest articles on DEV Community by Roy Ben Yosef (@roybenyoseftm). https://dev.to/roybenyoseftm https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F522616%2F3024e279-139c-4148-8cd3-9be6cc76ba4c.png https://dev.to/roybenyoseftm en Roy Ben Yosef Sun, 29 Nov 2020 09:49:32 +0000 https://dev.to/roybenyoseftm/what-is-your-3rd-party-dependencies-update-strategy-in-big-projects-2k73 https://dev.to/roybenyoseftm/what-is-your-3rd-party-dependencies-update-strategy-in-big-projects-2k73 <p>I am trying to get some input from people working on large projects with many devs involved, about how do you manage your 3rd party dependencies.<br> Let me be more specific:<br> Let’s say that in our organization we are working on several big projects, some are infrastructure projects that are consumed and used by other projects.<br> Naturally, all projects have 3rd party dependencies and you need to update them at some point.<br> What is your strategy?<br> The considerations are (if you have other, please do tell):</p> <p>security - you don’t want to stay with old versions<br> same but simply to get the latest bug fixes and updates<br> you might break often if you keep updating every build for example<br> when you update your infra projects, you might break your depending projects that are using you as a dependency.<br> What is your strategy?</p> <ul> <li>You do something automatic like dependabot? </li> <li>Do you update each time you build and handle breakage as it occur?</li> <li>Do you have a “scheduled event” for updating libraries? if so, how often?</li> <li>You only update when something demands it (security alert, required feature, another library requires it, etc…) Something else? Thanks!</li> </ul> watercooler discuss