All geek questions in one place

Tracking dependent third-party library releases

I am creating a web application that depends on several third-party libraries. What is a good strategy to ensure that you always use the most complete patched versions? A simple method would be to save the recorded versions and visit websites at regular intervals, but I’m looking for a way to get the information available to me, if possible, as an aggregation service so that I can immediately see things, I thought there could be others, who should have done the same and developed a good solution.

Here are some libraries that I use:

+4
source share
5 answers

"A simple method would be to keep versions recorded and visit websites at regular intervals,"

A good idea.

"but I’m looking for some way to get the information" laid down "to me, if possible."

A potentially bad idea.

The problem is the confirmation of mutual compatibility. Open source software requires a huge integration effort.

You should check every update of each third-party package against your application. Having the information β€œpushed” to you will not help you perform validation or testing. It only tells you that you should do something. Since you cannot just drop everything and check every time something is updated, you should do something like the following.

  • Select a schedule. Monthly, for example.

  • Check out all release notes packages.

  • Download updates you think might be interesting. I., they correct the errors that you have. Or they fix security holes you didn't know about.

  • Test

If everything works, you have an update for your application. If something does not work, you have debugging to plan and then do.

+5
source

Do they have version control repositories? If so, your problem is solved by pulling from the appropriate VCS.

+2
source

You might have some sort of automatic check if they allow read-only access to the source repository. Actually, one does not have to work hard to orient each person.

Otherwise, mailing lists or RSS feeds may also provide push style information.

EDIT:

How to use GMail to aggregate everything? You can subscribe to mailing lists to receive mail in your GMail account, subscribe to RSS feeds using Google Reader and notify you via GMail, and then see if it is possible to subscribe to SVN updates in repositories.

Perhaps there will be more work than it costs.;)

+1
source

I like to put all my projects in SVN and then use svn: externals.

+1
source

In fact, it may be in your best interest to just let your versions languish until you are ready to upgrade. Of course, something can change between plugins (and many of them), which is likely to break your application if something changes.

You probably would be better off updating your versions with your own application version changes. This way you can control version changes and bugs that inherently come with them.

+1
source

Source: https://habr.com/ru/post/1303946/

More articles:


All Articles