I am trying to get some input from people working on large projects with many devs involved about how you manage your 3rd-party dependencies.
Let me be more specific:
Let’s say that in our organization we are working on several big projects; some are infrastructure projects that are consumed and used by other projects.
Naturally, all projects have 3rd-party dependencies, and you need to update them at some point.
What is your strategy?
The considerations are (if you have others, please do tell):
- security - you don’t want to stay on old versions
- same, but simply to get the latest bug fixes and updates
- you might break often if you keep updating on every build, for example
- when you update your infra projects, you might break the depending projects that use you as a dependency.
What is your strategy?
- Do you update each time you build and handle breakage as it occurs?
- Do you have a “scheduled event” for updating libraries? If so, how often?
- Do you only update when something demands it (a security alert, a required feature, another library requires it, etc.)?
- Something else?
Thanks!
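As an added illustration (not part of the original post), here is a small Python policy that turns the considerations above into a per-dependency decision: a security advisory is acted on immediately, a non-breaking bump waits for the scheduled update window, and a major bump (or a minor bump in a library that other projects consume) is held for review. The inventory is constructed sample data, and the semver-based rules are one assumed way a team might weight risk, not a recommendation from the thread.

```python
from dataclasses import dataclass
from enum import Enum

class Action(Enum):
    UPDATE_NOW = "update now"         # security fix: do not wait for the schedule
    UPDATE_SCHEDULED = "next window"  # low-risk bump: batch into the periodic update
    REVIEW_REQUIRED = "needs review"  # likely breaking: a human plans the rollout
    KEEP = "keep"                     # already current

@dataclass(frozen=True)
class Dependency:
    name: str
    current: str
    latest: str
    has_security_advisory: bool = False
    consumed_by_other_projects: bool = False  # shared "infra" library: breakage propagates

def parse_version(v: str) -> tuple[int, int, int]:
    """Parse MAJOR[.MINOR[.PATCH]]; missing components default to 0."""
    parts = v.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {v!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]

def classify(dep: Dependency) -> Action:
    cur, new = parse_version(dep.current), parse_version(dep.latest)
    if new <= cur:
        return Action.KEEP
    if dep.has_security_advisory:
        # Security outranks the schedule, even for a major bump; the breakage
        # risk is handled by testing the update, not by postponing it.
        return Action.UPDATE_NOW
    if new[0] != cur[0]:
        return Action.REVIEW_REQUIRED  # major bump: API may have changed
    if new[1] != cur[1] and dep.consumed_by_other_projects:
        return Action.REVIEW_REQUIRED  # minor bump in a shared library: coordinate downstream
    return Action.UPDATE_SCHEDULED

def plan(deps: list[Dependency]) -> dict[str, Action]:
    return {d.name: classify(d) for d in deps}

# Constructed sample inventory (made-up package names and advisory flags).
INVENTORY = [
    Dependency("log-lib", "2.4.1", "2.4.3", has_security_advisory=True),
    Dependency("http-client", "1.9.0", "1.10.2"),
    Dependency("serializer", "3.2.0", "4.0.0"),
    Dependency("core-utils", "5.1.0", "5.2.0", consumed_by_other_projects=True),
    Dependency("pinned-tool", "0.8.0", "0.8.0"),
]
```

Feeding `plan()` the output of whatever tool lists your outdated packages gives a starting triage; the thresholds are the knobs to argue about per project.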