Keep Your Dependencies in Check • Marit van Dijk • GOTO 2023
Leverage automation and open-source tools to keep your dependencies up-to-date, secure, and efficient while avoiding overwhelming update notifications and ensuring code quality.
- We often have little influence over the tools used by our company, but we still need to keep our dependencies in check.
- Using an outdated dependency can be problematic, and it’s essential to stay up-to-date with security updates, vulnerability fixes, and new features.
- Tools like Maven, Gradle, and Renovate can help automate dependency management, making it easier to keep dependencies up-to-date.
- Dependabot and Renovate are two tools that can help manage dependencies, including automatically creating pull requests for updates.
- OpenRewrite is a tool that can be used to refactor code automatically, for example replacing old package names with new ones after a dependency migration.
- Renovate is a more advanced tool that can also scan code for vulnerabilities and create pull requests for fixes.
- Snyk is another tool that can scan for vulnerabilities and create pull requests for fixes; it is more limited than Renovate but still useful.
- Error Prone is a static analysis tool that can catch common programming mistakes and help improve code quality.
- Keeping dependencies in check is important, but it’s also important to avoid overwhelming ourselves with too many update notifications.
- Regular backup and testing of our codebases can help ensure that updates don’t break our applications.
- Migrating to new versions of dependencies can be a good opportunity to refactor code and improve quality.
- Open-source projects like OpenRewrite, Renovate, and Snyk can provide valuable tools and community support for dependency management and code improvement.
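As an added example that is not from the talk, here is a constructed `renovate.json` showing how the points above fit together for a Maven or Gradle project: routine minor and patch updates are grouped into one weekly pull request so they do not overwhelm the team, major updates wait for explicit approval, and vulnerability fixes bypass the schedule. The timezone, schedule, labels and group name are assumptions, not settings from the talk.

```json
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  "timezone": "Europe/Amsterdam",
  "schedule": ["before 6am on monday"],
  "prHourlyLimit": 2,
  "prConcurrentLimit": 5,
  "dependencyDashboard": true,
  "labels": ["dependencies"],
  "packageRules": [
    {
      "matchManagers": ["maven", "gradle"],
      "matchUpdateTypes": ["minor", "patch"],
      "groupName": "non-major JVM dependencies",
      "minimumReleaseAge": "3 days"
    },
    {
      "matchUpdateTypes": ["major"],
      "dependencyDashboardApproval": true
    }
  ],
  "osvVulnerabilityAlerts": true,
  "vulnerabilityAlerts": {
    "labels": ["security"],
    "schedule": ["at any time"],
    "prPriority": 10
  }
}
```

With this file in the repository root, Renovate raises security fixes as soon as an advisory is published, bundles everything else into a single Monday pull request, and lists pending major upgrades on the dependency dashboard until someone ticks the approval checkbox.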