Lots of places I’ve worked at have had an irrational fear of upgrading their dependencies. I understand why: when you have something that works, you don’t want to rock the boat. You want to focus on building your product, not dealing with potential runtime errors. Your ops team is happy, things are stable. Life is great.
However, just like running from your problems, freezing your dependencies is a recipe for disaster. Just like normal software maintenance, your dependencies MUST be upgraded on a regular basis. It sucks, nobody likes dealing with weird transitive issues, but without a regular upgrade schedule (every 6 months to a year at minimum) you run the risk of realizing that you can’t upgrade at all!
This is a crappy place to be in, and you know when you’re there because you try and pull in some updated library that has the features you want and/or …