Packages are helpful and sometimes critical for projects. However, packages have new release all the time, so as their dependency packages. A developer should learn how to determine if we need to update the latest version of packages or not.
I've been checking on something like this these days. There is a warning while building the telescope project, it complains about one of our package is too old to get supported. And this old version package is one of the dependency of the other package. Therefore, we need to look into both packages' new versions and see if the new version of packages can fit in our project; and if they can't, how to modify our project or should we look into other packages?
Also, it's a big work for checking all these outdated packages. Should we check each of them and see if the update breaks our program? Should we build a bot to always update the packages automatically when it's just a minor update (such as 1.6.7 to 1.6.8)? Does automatically updating packages save our time or give us more work (to fixing it) in the future?
There are a lot to think about when it comes to maintaining a project with its packages. I'm glad that I have this chance to dig into this new field :)
Top comments (1)
I upgrade aggressively but manually. I don't commit the
package-lock.jsonfile so that upgrades within a major version occur automatically. If something breaks, I rollback to the last working version.For upgrades between major versions, I would at least read the change log or recent commits. Then I have to carefully test affected modules.
Sometimes the upgrades have to be deferred. When webpack 5.x was released, I attempted to upgrade NDNts browser tests right away but there were a lot of errors. I waited two months and tried again, and everything worked fine.