Rare is a project that does not have external dependencies. As an Android developer, I can safely say it is impossible for Android development. Every team has its own approach, and every approach has its own pros and cons.
My team compiled these 6 strategies:
- Ignore it
- Check sporadically
- Check regularly
- Check on every Pull Request
- Check before every major release
- Automate Dependency Management
Did we miss any approach? Do you have experiences to share about any of these?
Also, I hope it's OK to share a blog post my team wrote about this topic, in which we go into detail about each of these strategies: https://www.bloco.io/blog/6-strategies-for-updating-software-dependencies
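One concrete way to turn the "Check on every Pull Request" and "Automate Dependency Management" strategies from the list into a CI gate, as an added example that is not from the original post, the linked blog post, or any bloco.io tooling. It assumes an Android project that declares its versions in a Gradle version catalog (gradle/libs.versions.toml); the catalog text, the "latest version" snapshot, and the aliases (kotlin, okhttp, retrofit, coroutines) are constructed for the example, and the snapshot stands in for a real registry lookup that a CI job would perform. The check classifies how far each pinned version lags behind and fails the PR only when the lag crosses a configurable threshold, so a team can choose between blocking on any update, on minor-or-worse, or only on major-version drift.

```python
"""Gate a pull request on outdated entries in a Gradle version catalog.

Added example: not code from the original post or from bloco.io.
"""
import re

# Constructed sample of gradle/libs.versions.toml (hypothetical content).
CATALOG = """\
[versions]
kotlin = "1.9.22"
okhttp = "4.10.0"
retrofit = "2.9.0"
coroutines = "1.7.3"

[libraries]
okhttp = { module = "com.squareup.okhttp3:okhttp", version.ref = "okhttp" }
"""

# Constructed snapshot standing in for a registry lookup (Maven Central /
# Google Maven). A real CI job would fetch this instead of hard-coding it.
LATEST = {
    "kotlin": "1.9.22",
    "okhttp": "4.12.0",
    "retrofit": "2.11.0",
    "coroutines": "2.0.0",
}

# Ordering used by the PR policy: anything at or above the threshold blocks.
SEVERITY = {"current": 0, "patch": 1, "minor": 2, "major": 3}


def parse_versions(toml_text):
    """Return {alias: version} from the [versions] table of a version catalog.

    Minimal line-based parser: handles the plain `alias = "x.y.z"` form only,
    which is how most catalogs pin versions; other tables are skipped.
    """
    versions = {}
    in_versions = False
    for raw in toml_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_versions = line == "[versions]"
            continue
        if in_versions:
            m = re.match(r'^([\w.-]+)\s*=\s*"([^"]+)"$', line)
            if m:
                versions[m.group(1)] = m.group(2)
    return versions


def version_tuple(version):
    """First three numeric components; pre-release suffixes are ignored."""
    parts = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    return parts + (0,) * (3 - len(parts))


def classify(current, latest):
    """How far `current` lags behind `latest`: current/patch/minor/major."""
    cur, new = version_tuple(current), version_tuple(latest)
    if new <= cur:
        return "current"
    if new[0] != cur[0]:
        return "major"
    if new[1] != cur[1]:
        return "minor"
    return "patch"


def check_catalog(toml_text, latest):
    """Classify every catalog alias that has a known latest version."""
    pinned = parse_versions(toml_text)
    return {alias: classify(v, latest[alias]) for alias, v in pinned.items()
            if alias in latest}


def pr_passes(report, block_on="major"):
    """True when no dependency lags by `block_on` or worse."""
    threshold = SEVERITY[block_on]
    return all(SEVERITY[lag] < threshold for lag in report.values())


if __name__ == "__main__":
    report = check_catalog(CATALOG, LATEST)
    for alias, lag in sorted(report.items()):
        print(f"{alias:12} {lag}")
    print("PR passes (block on major):", pr_passes(report, "major"))
```

Running the check on every pull request keeps the decision visible in review: a major-version lag fails the job and must be dealt with in that PR or explicitly waived, while minor and patch drift is reported without blocking, which is the usual compromise between "Check on every Pull Request" and not grinding development to a halt.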