Why so hard? Upgrading your Dependencies on Web Rush #184
What does it mean to upgrade your dependencies? How do you deal with security issues or error messages when you do? What if you're the creator of an npm library - when do you issue upgrades? And should you build something yourself or use a third party version?
const podcast = {
  episode: 184,
  title: 'Why so hard? Upgrading your Dependencies.',
  topics: [
    'software', 'upgrades', 'Dependencies'
  ],
  guest: 'n/a',
  hosts: [
    'Ward Bell', 'John Papa'
  ]
};
Recording date: April 28, 2022
John Papa @John_Papa
Ward Bell @WardBell
Dan Wahlin @DanWahlin
Craig Shoemaker @craigshoemaker
Resources:
- Angular Experience Podcast - S2E12 - Ward Bell on How to Fire Your Boss
- Auditing package dependencies for security vulnerabilities with npm audit
- Automated dependency updates built into GitHub dependabot
- Angular’s ng update CLI
- Jasmine tests
- Snyk
- Bulma
- Node-sass deprecated?
- DevOps and CI/CD with Jenkins
- AG-Grid
Timejumps
- 01:18 Topic introduction
- 03:10 What does it mean to upgrade your dependencies?
- 06:48 Dealing with security issues
- 12:00 Getting error messages when updating
- 20:17 Sponsor: Ag Grid
- 21:19 Managing npm libraries you've created
- 27:26 Having a strategy
- 30:42 Should you build it yourself or use a third party version?
- 33:17 Final thoughts
Podcast editing on this episode done by Chris Enns of Lemon Productions.