If Log4Shell, Spring4Shell, etc. have taught us anything, it's that we need to keep our dependencies up to date. But updating our applications can take a lot of time. How do we stay on top of that, while also continuing to deliver business value?
Luckily, there are plenty of tools that can help us with this, from package managers to bots that can automatically create changes on our repositories. Let's go over some of the different options, so we can make informed choices about what's best for us in a particular situation.
Marit van Dijk is a software developer with 20 years of experience in different roles and companies. She loves building awesome software with amazing people and has contributed to open-source projects like Cucumber and various other projects. She enjoys learning new things as well as sharing knowledge on programming, test automation, Cucumber/BDD, and software engineering. She speaks at international conferences, in webinars, and on podcasts, occasionally writes blog posts, and contributed to the book "97 Things Every Java Programmer Should Know" (O'Reilly Media).
- Solves the problem
- Size of the dependency
- Similar dependency already exists
- Well-maintained
- Risk of it becoming unmaintained
- Size of the user base
- Helpfulness of the community
- Ease of implementation and use
- Known vulnerabilities
- Maven Central
- JetBrains Package Search
- GitHub
- Maven
- Gradle
- IntelliJ IDEA
- Dependabot
- Renovate
- Snyk
- Dependable
- Bots
- Migration tools
- Refactoring tools
- IntelliJ IDEA
- Migration refactoring
- Error Prone
- OpenRewrite
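The bots listed above (Dependabot, Renovate, Snyk) all work from a small configuration file committed to the repository. The following is an added example of a Dependabot configuration for a repository that contains both a Maven and a Gradle build plus GitHub Actions workflows; it is not taken from the talk or from any project of the speaker, and the directories, schedule and the `org.springframework.boot` ignore rule are illustrative assumptions. It shows the settings a practitioner usually wants when switching the bot on: a bounded number of open pull requests, minor and patch bumps grouped into one PR to keep review load manageable, and major upgrades of a framework excluded so they can be planned (for example with a migration tool such as OpenRewrite) rather than merged ad hoc.

```yaml
# .github/dependabot.yml (added example; paths and the ignored artifact are assumptions)
version: 2
updates:
  # Maven module at the repository root
  - package-ecosystem: "maven"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    # Cap the number of simultaneously open update PRs so the queue stays reviewable
    open-pull-requests-limit: 10
    # Bundle low-risk bumps into a single PR; majors still arrive as separate PRs
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
    # Major framework upgrades are planned migrations, not bot-driven bumps
    ignore:
      - dependency-name: "org.springframework.boot:*"
        update-types: ["version-update:semver-major"]

  # Gradle module living in a subdirectory (assumed layout)
  - package-ecosystem: "gradle"
    directory: "/service"
    schedule:
      interval: "weekly"
      day: "monday"
    open-pull-requests-limit: 10
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"

  # Keep the CI actions themselves current; an outdated action is also a dependency
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
```

Whichever bot is used, the update PRs are only as safe as the build that verifies them: the bot should run the full test suite and a vulnerability scan on each PR, and ignore rules such as the one above need a reminder mechanism, because an ignored major version that fixes a CVE is still a vulnerability in the product.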