For Gradle
Use Latest Versions Plugin
Follow the instructions in the repo to add this plugin to your Gradle project, and viola, you should be able to run it with:
./gradlew useLatestVersions
This will update all your Gradle dependencies to the latest. You'll then need to manually run your tests to ensure everything look kosher.
For Node
updtr
updtr can be run as either a standalone command or a dev dependency. Once you have it installed, you can run:
updtr
In your project directory to update all your dependencies. What is awesome about updtr is that it will run your tests to ensure that each dependency updated successfully. Custom test commands can be specified by using the --test
flag.
This also works for Yarn
Wrap Up
Those are the tools I've been using since I've been entrenched in the Java / Node stack. If you have a similar tool for your favorite stack, let me know in the comments below!
Top comments (4)
Just use Dependabot that will do it for you. If your repo is on GitHub (public or private), it's very straightforward.
Dependabot is definitely on my radar. Our current projects are not on Github, but I know Dependabot is open source, so I plan to eventually evaluate if we could make it work with our setup.
A big requirement for me is ensuring automated dependency updates pass our test suite, which adds another wrinkle.
I added Dependabot on GitLab with this project.
It doesn't do anything but create a merge request.
Thanks for the tip.
The hurdle for me is that we need to add the ability to test merge requests on-demand to our pipeline. Without that the merge requests of Dependabot become more white noise, as they all require manual intervention to merge and unwinding which dependency upgrades work vs which fail can be be painful.
Part of the reason I like updtr so much is that it does that work for you. The next evolution for me is moving the capability out of a command line to an automated process, either in the pipeline entirely or a combination of pipeline and merge request.