how to update dependencies?

[Florian Micklich <mi...@apache.org>]

Hi,

I always see the emails from dependabot with updating dependencies.
Is there a specific workflow behind it?
What do I have to do, for updating packaged?
Is that written down somewhere?

Special Question for python:
Is there already a plan how to check the pip python packaged for updates?

Greetings
Florian

Re: how to update dependencies?

[Christofer Dutz <ch...@c-ware.de>]

Hi Florian,

well depdenabot is a service running on GitHub that simply checks dependencies and proposes updates if it detects them. It’s a bot.

In PLC4X we manage external dependencies versions in the main pom.xml files dependencyManagement section.
The reason for this is that there are many libraries that are used in different places of the project. Some are used directly and some are pulled in as transitive dependencies.

This usually causes some libraries to be included in different versions.
Assume Driver A uses a library X in version 1 and the Integration Module for software B uses it as a transitive dependency in version 2.
So, if you use integration module B but not driver A, you will be using version 2 but if you add Driver A then it will be version 2 possibly causing the integration module to not work correctly.

By managing the dependencies to directly used dependencies in a central place, we reduce this risk dramatically.

Hope that’s a bit of an explanation for you :-)


Chris

From: Florian Micklich <mi...@apache.org>
Date: Wednesday, 8. February 2023 at 22:38
To: StreanPipes Dev <de...@streampipes.apache.org>
Subject: how to update dependencies?
Hi,

I always see the emails from dependabot with updating dependencies.
Is there a specific workflow behind it?
What do I have to do, for updating packaged?
Is that written down somewhere?

Special Question for python:
Is there already a plan how to check the pip python packaged for updates?

Greetings
Florian