For most commerce software engineers, dependency management includes upgrades, and best practice is to upgrade dependencies proactively. To keep that process smooth and properly maintained, it is best to have a well-defined policy and process.
Why you need a policy and process
All software depends on other software to accomplish useful tasks. Even the smallest hello-world program depends on the libraries of the language it is written in. Typically, as a piece of software grows more sophisticated, it depends on more third-party software and libraries. Leveraging existing third-party libraries is standard practice for commerce engineers because it enables faster development.
However, the vulnerabilities and bugs of a dependency become vulnerabilities and bugs of every piece of software that includes it. As a result, dependencies must be chosen with due consideration and monitored continuously. Best practice is not only to upgrade dependencies proactively, but also to stay on the latest versions of libraries as often as possible.
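One way to make that monitoring concrete, as an added example that is not code from the original article: a small audit script that reads a pip-style requirements file, flags dependencies that are not pinned to an exact version, and compares each pinned version against a snapshot of latest releases and known-vulnerable version ranges. The package names, versions and advisory entries are constructed sample data standing in for a real registry and advisory feed, and the function names are this example's own.

```python
"""Added example (not from the original article): a minimal dependency audit.

It parses a requirements.txt-style file and reports three kinds of findings
that a proactive upgrade policy cares about: dependencies that are not pinned
(so upgrades happen by accident rather than on purpose), pinned versions that
fall inside a known-vulnerable range, and pinned versions that lag behind the
latest release. All data below is constructed for the example.
"""
import re
from dataclasses import dataclass

# Constructed stand-in for a registry lookup: package -> latest released version.
LATEST = {"alpha-http": "3.2.1", "beta-json": "1.9.0", "gamma-auth": "0.8.4"}

# Constructed stand-in for an advisory feed: package -> list of
# (first vulnerable version, first fixed version) pairs; the fixed bound is exclusive.
ADVISORIES = {
    "alpha-http": [("3.0.0", "3.1.5")],
    "gamma-auth": [("0.0.0", "0.8.2")],
}

# Constructed requirements file used as the audit input.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt
alpha-http==3.1.2
beta-json>=1.8
gamma-auth==0.8.4
delta-cache==2.0.0
"""

# name, optional comparison operator, optional dotted numeric version
REQ_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(==|>=|<=|~=|>|<)?\s*([0-9][0-9.]*)?\s*$")


@dataclass
class Finding:
    package: str
    spec: str
    issue: str


def parse_version(v):
    """Turn '3.1.2' into (3, 1, 2) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def parse_requirements(text):
    """Yield (name, operator, version) triples; comments and blank lines are skipped."""
    reqs = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = REQ_RE.match(line)
        reqs.append(m.groups() if m else (line, None, None))
    return reqs


def audit(text, latest=LATEST, advisories=ADVISORIES):
    """Return the list of Findings for a requirements file's contents."""
    findings = []
    for name, op, ver in parse_requirements(text):
        spec = f"{op or ''}{ver or ''}"
        if op != "==":
            findings.append(Finding(name, spec, "unpinned: upgrades happen implicitly, not by decision"))
            continue
        pinned = parse_version(ver)
        # A pin inside a published vulnerable range is the case the upgrade policy exists for.
        for lo, hi in advisories.get(name, []):
            if parse_version(lo) <= pinned < parse_version(hi):
                findings.append(Finding(name, spec, f"known-vulnerable range [{lo}, {hi}); upgrade to >= {hi}"))
        if name not in latest:
            findings.append(Finding(name, spec, "unknown package: not in registry snapshot"))
        elif pinned < parse_version(latest[name]):
            findings.append(Finding(name, spec, f"outdated: latest is {latest[name]}"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_REQUIREMENTS):
        print(f"{f.package:12} {f.spec:10} {f.issue}")
```

Run against the constructed file, the audit reports the vulnerable and outdated `alpha-http` pin, the unpinned `beta-json`, and the unknown `delta-cache`, while the current `gamma-auth` pin passes; in practice the two lookup tables would be replaced by a registry query and an advisory feed, and the script would run in CI so that drift is caught on every build.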
Why Upgrade Dependencies?
The single biggest reason for upgrading dependencies is security. Most software has vulnerabilities that are gradually fixed over time. Upgrading dependencies is the simplest way to avoid security issues. The latest versions can …