DEV Community

Cover image for Don't get stuck with out of date dependencies!
James McMahon for Focused

Posted on • Updated on • Originally published at focusedlabs.io

Don't get stuck with out of date dependencies!

For Gradle

Use Latest Versions Plugin

Follow the instructions in the repo to add this plugin to your Gradle project, and viola, you should be able to run it with:

./gradlew useLatestVersions
Enter fullscreen mode Exit fullscreen mode

This will update all your Gradle dependencies to the latest. You'll then need to manually run your tests to ensure everything look kosher.

For Node

updtr

updtr can be run as either a standalone command or a dev dependency. Once you have it installed, you can run:

updtr
Enter fullscreen mode Exit fullscreen mode

In your project directory to update all your dependencies. What is awesome about updtr is that it will run your tests to ensure that each dependency updated successfully. Custom test commands can be specified by using the --test flag.

This also works for Yarn

Wrap Up

Those are the tools I've been using since I've been entrenched in the Java / Node stack. If you have a similar tool for your favorite stack, let me know in the comments below!

Top comments (4)

Collapse
 
nfrankel profile image
Nicolas Fränkel

Just use Dependabot that will do it for you. If your repo is on GitHub (public or private), it's very straightforward.

Collapse
 
jamesmcmahon profile image
James McMahon

Dependabot is definitely on my radar. Our current projects are not on Github, but I know Dependabot is open source, so I plan to eventually evaluate if we could make it work with our setup.

A big requirement for me is ensuring automated dependency updates pass our test suite, which adds another wrinkle.

Collapse
 
nfrankel profile image
Nicolas Fränkel

I added Dependabot on GitLab with this project.

It doesn't do anything but create a merge request.

Thread Thread
 
jamesmcmahon profile image
James McMahon

Thanks for the tip.

The hurdle for me is that we need to add the ability to test merge requests on-demand to our pipeline. Without that the merge requests of Dependabot become more white noise, as they all require manual intervention to merge and unwinding which dependency upgrades work vs which fail can be be painful.

Part of the reason I like updtr so much is that it does that work for you. The next evolution for me is moving the capability out of a command line to an automated process, either in the pipeline entirely or a combination of pipeline and merge request.