So what should your plan to manage technical debt and dependencies look like?
You might think at first: let’s always upgrade all dependencies to the latest version as soon as possible! This way we will never fall behind. But it’s not quite as easy as that.
Things to consider:
When a new version of a library is published, there may well be bugs in it that its creators haven’t discovered. Do you want to be the one to discover them? Or do you want to wait a while before upgrading, maybe until the bugs have been found and fixed?
Even if version X of library Y is described as a bug fix release and there should be no breaking changes, you still need to test that your application works with the new version as well as it did with the previous one. Who knows, maybe your application depended on one of those bugs that got fixed – maybe what was a bug for someone else was a feature for you?
“This library works great! But it has a small bug. No matter, we’ll fix that ourselves, it’s open source!”
Or perhaps: “This library works great! And we can tweak it to do exactly what we want using this clever technique that the creators didn’t think about!”
Well, that may work out for you. Or maybe the next upgrade will break all those clever fixes of yours. Remember what I said last time?
Beware of customizations. Make sure, as far as possible, that your customizations can survive upgrades. They should be documented, implemented as narrowly as possible, and they should absolutely be part of your regression test plan.
Dependencies between dependencies
Your application requires framework X, library Y, and widget W. Widget W and library Y both depend on the framework. There is a new version of the framework that fixes an important bug, so you really want to upgrade, but the widget has not yet been updated, and the latest version of the library is still in beta.
Do you upgrade or not?
You need to consider all this early in your development process, even when deciding what tools and frameworks to use. Look at their track record for upgrading. Do they fix bugs fast? Do they stay up-to-date with their dependencies?
Ideally you want as much flexibility as possible from your dependencies. If Library Y and Widget W both work with a range of framework versions, you can upgrade the various components more independently of each other.
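The framework, library and widget situation above, worked through as an added example (not from the original post): a small Python check that takes the framework version ranges each dependent declares and reports which dependents block a framework upgrade and the newest release they all accept. The package names, version numbers and range syntax are constructed for illustration.

```python
# Added example. Package names, versions and ranges are constructed.
import operator

OPS = {">=": operator.ge, "<=": operator.le, "==": operator.eq,
       ">": operator.gt, "<": operator.lt}  # two-char operators listed first

def parse(version):
    """'2.10' -> (2, 10, 0): compare numerically, padded to three parts."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def allows(spec, version):
    """True if version satisfies every clause of a spec like '>=2.3,<3.0'."""
    for clause in (c.strip() for c in spec.split(",")):
        op = next(o for o in OPS if clause.startswith(o))
        if not OPS[op](parse(version), parse(clause[len(op):])):
            return False
    return True

def upgrade_report(releases, requirements, target):
    """Return (dependents that reject target, newest release all accept)."""
    blockers = sorted(n for n, s in requirements.items() if not allows(s, target))
    ok = [r for r in releases if all(allows(s, r) for s in requirements.values())]
    return blockers, (max(ok, key=parse) if ok else None)

FRAMEWORK_RELEASES = ["2.3.0", "2.3.1", "2.4.0", "2.4.1"]  # 2.4.1 carries the fix

# Tight pins: the widget is not yet updated, the stable library caps below 2.4.
PINNED = {"widget-w": "==2.3.1", "library-y": ">=2.3.0,<2.4.0"}
# The same dependents declaring the whole major line they support.
RANGED = {"widget-w": ">=2.3.0,<3.0.0", "library-y": ">=2.3.0,<3.0.0"}

if __name__ == "__main__":
    for label, reqs in (("pinned", PINNED), ("ranged", RANGED)):
        blockers, best = upgrade_report(FRAMEWORK_RELEASES, reqs, "2.4.1")
        print(f"{label}: blocked by {blockers or 'nobody'}, newest usable {best}")
```

With the pinned set, the fixed framework release is out of reach until both dependents ship updates; with the ranged set, the framework can move on its own schedule.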