Keep your dependencies in check
Conference (BEGINNER level)
Room 2

If Log4Shell, Spring4Shell, etc. have taught us anything, it's that we need to keep our dependencies up to date. But updating our applications can take a lot of time. How do we stay on top of that, while also continuing to deliver business value?

Luckily, there are plenty of tools that can help us with this, from package managers to bots that can automatically create changes on our repositories. Let's go over some of the different options, so we can make informed choices about what's best for us in a particular situation.

Marit van Dijk

Marit van Dijk is a software developer with 20 years of experience in different roles and companies. She loves building awesome software with amazing people and has contributed to open-source projects like Cucumber and various other projects. She enjoys learning new things as well as sharing knowledge on programming, test automation, Cucumber/BDD, and software engineering. She speaks at international conferences, in webinars, and on podcasts, occasionally writes blog posts, and contributed to the book "97 Things Every Java Programmer Should Know" (O'Reilly Media).

Generated Summary
WARNING: This summary was generated using GPT based on the transcript; as a result, spelling mistakes and, more importantly, hallucinations can be present.

Keeping Dependencies in Check When Using Open Source Software
Pros and Cons of External Dependencies
  • Solves the problem
  • Size of the dependency
  • Similar dependency already exists
  • Well-maintained
  • Risk of it becoming unmaintained
Factors to Consider When Adding a Dependency
  • Size of the user base
  • Helpfulness of the community
  • Ease of implementation and use
  • Known vulnerabilities
Where to Search for Information
  • Maven Central
  • JetBrains Package Search
  • GitHub
Tools for Managing Dependencies
  • Maven
  • Gradle
  • IntelliJ IDEA
  • Dependabot
  • Renovate
  • Snyk
  • Dependable
Other Tools
  • Bots
  • Migration tools
  • Refactoring tools
Specific Tools
  • IntelliJ IDEA
  • Migration refactoring
  • Error Prone
  • OpenRewrite
Marit van Dijk's talk in Zurich highlighted the importance of carefully considering which dependencies to use and how to manage them. Automation, checking for updates and vulnerabilities, and using tools like Dependabot and OpenRewrite are recommended to help with software updates and code migrations. Attendees can ask questions or collect swag by speaking to the speaker.