{
    "componentChunkName": "component---src-templates-post-js",
    "path": "/automated-dependency-management",
    "result": {"data":{"site":{"siteMetadata":{"title":"your friend Joel's digital garden","description":"Articles and notes from a collaborator at egghead.io. Musings on software, business, and life from a skilled virtual assistant.","author":{"name":"Joel Hooks"},"keywords":["Video Blogger"]}},"mdx":{"excerpt":"It's Monday morning. You have a sip of your favorite morning beverage and open your email client. 3632 emails from dependabot spanning every repository you've ever create on Github wait for you. What do you do? Most likely ignore them, but…","fields":{"github":"https://github.com/joelhooks/joelhooks-com/tree/master/content/blog/2020-09-11--should-i-use-automated-dependency-management~~fIaEsci5q/index.mdx"},"body":"var _excluded = [\"components\"];\n\nfunction _extends() { _extends = Object.assign || function (target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i]; for (var key in source) { if (Object.prototype.hasOwnProperty.call(source, key)) { target[key] = source[key]; } } } return target; }; return _extends.apply(this, arguments); }\n\nfunction _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; }\n\nfunction _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; }\n\n/* @jsxRuntime classic */\n\n/* @jsx mdx */\nvar _frontmatter = {\n  \"id\": \"fIaEsci5q\",\n  \"slug\": \"automated-dependency-management\",\n  \"date\": \"2020-09-11T00:00:00.000Z\",\n  \"title\": \"Should I use automated dependency management?\",\n  \"published\": false\n};\nvar layoutProps = {\n  _frontmatter: _frontmatter\n};\nvar MDXLayout = \"wrapper\";\nreturn function MDXContent(_ref) {\n  var components = _ref.components,\n      props = _objectWithoutProperties(_ref, _excluded);\n\n  return mdx(MDXLayout, _extends({}, layoutProps, props, {\n    components: components,\n    mdxType: \"MDXLayout\"\n  }), mdx(\"p\", null, \"It's Monday morning. You have a sip of your favorite morning beverage and open your email client.\"), mdx(\"p\", null, \"3632 emails from dependabot spanning every repository you've ever create on Github wait for you.\"), mdx(\"p\", null, \"What do you do?\"), mdx(\"p\", null, \"Most likely ignore them, but keeping your massive list of dependencies updates is on one hand incredibly daunting and on the other crucial for most long term projects.\"), mdx(\"p\", null, \"If you've never sat down to update your dependencies manually and experienced the pain for upgrading stale libraries all at once, I'll be honest, you are living a better life than I am.\"), mdx(\"p\", null, \"It sucks. Painful. Error prone. The very definition of \\\"technical debt\\\".\"), mdx(\"p\", null, \"So these seem to be the choices:\"), mdx(\"ul\", null, mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"Automate it and live in a noisy world of many emails from robots dutifully making you aware of updates and opening PRs \\uD83D\\uDE31\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"ignoring the issue entirely until some mitigating factor forces you to do the needful and update your dependencies \\uD83D\\uDE05\"), mdx(\"li\", {\n    parentName: \"ul\"\n  }, \"periodically do the work manually as a good solid habit \\uD83D\\uDE2C\")), mdx(\"p\", null, \"Twitter is split right down the middle on this issue:\"), mdx(\"div\", {\n    style: {\n      marginTop: '45px',\n      marginBottom: '45px'\n    }\n  }, mdx(TwitterTweetEmbed, {\n    tweetId: '1304153028820258816',\n    options: {\n      conversation: 'none',\n      align: 'center'\n    },\n    mdxType: \"TwitterTweetEmbed\"\n  })), mdx(\"p\", null, \"For egghead-next\", mdx(\"sup\", {\n    parentName: \"p\",\n    \"id\": \"fnref-1\"\n  }, mdx(\"a\", {\n    parentName: \"sup\",\n    \"href\": \"#fn-1\",\n    \"className\": \"footnote-ref\"\n  }, \"1\")), \" we are automating it. The project is only a couple of months old, but turning on \", mdx(\"a\", {\n    parentName: \"p\",\n    \"href\": \"https://depfu.com/\"\n  }, \"depfu\"), \" immediately started opening PRs and caused a full day of testing, verifying, and approving PRs.\"), mdx(\"p\", null, \"Using depfu allows us to set grouped updates so they are batched with a weekly PR instead of a single PR for every update. This is something that Dependabot doesn't currently support\", mdx(\"sup\", {\n    parentName: \"p\",\n    \"id\": \"fnref-2\"\n  }, mdx(\"a\", {\n    parentName: \"sup\",\n    \"href\": \"#fn-2\",\n    \"className\": \"footnote-ref\"\n  }, \"2\")), \" and was the primary driver for choosing depfu over Dependabot for us.\"), mdx(\"p\", null, \"depfu also allows us to have fine-grained control over the frequency of updates. Minor and dot releases versus major updates.\"), mdx(\"p\", null, \"Keeping dependencies up to date is import. If it's not done early and consistently you can run into severe problems and laborious tasks down the road. \"), mdx(\"p\", null, \"Automation is an excellent solution if you can control the notifications and churn on the PRs so that it isn't just noise that gets ignored. For most professional projects this is highly recommended.\"), mdx(\"div\", {\n    \"className\": \"footnotes\"\n  }, mdx(\"hr\", {\n    parentName: \"div\"\n  }), mdx(\"ol\", {\n    parentName: \"div\"\n  }, mdx(\"li\", {\n    parentName: \"ol\",\n    \"id\": \"fn-1\"\n  }, mdx(\"a\", {\n    parentName: \"li\",\n    \"href\": \"https://github.com/eggheadio/egghead-next\"\n  }, \"The next generation of the egghead.io UI using Next.js and TypeScript\"), mdx(\"a\", {\n    parentName: \"li\",\n    \"href\": \"#fnref-1\",\n    \"className\": \"footnote-backref\"\n  }, \"\\u21A9\")), mdx(\"li\", {\n    parentName: \"ol\",\n    \"id\": \"fn-2\"\n  }, mdx(\"a\", {\n    parentName: \"li\",\n    \"href\": \"https://github.com/dependabot/dependabot-core/issues/1190\"\n  }, \"Open Dependabot issue to support grouped updates\"), mdx(\"a\", {\n    parentName: \"li\",\n    \"href\": \"#fnref-2\",\n    \"className\": \"footnote-backref\"\n  }, \"\\u21A9\")))));\n}\n;\nMDXContent.isMDXComponent = true;","frontmatter":{"title":"Should I use automated dependency management?","date":"September 11, 2020","banner":null,"slug":"automated-dependency-management","keywords":null}}},"pageContext":{"id":"957b3eab-cfa4-5c54-bf63-2581b6dedf14","prev":{"id":"83d03164-5a45-5c98-aa4b-64ad7bd4e6ae","parent":{"name":"index","sourceInstanceName":"blog"},"excerpt":"30x500 is a repeatable product development system presented and designed by Amy Hoy and Alex Hillman. The system is research and value focused and provides and end to end cycle for creating products that people actually want to buy. This summary of…","fields":{"title":"7 Steps to 30x500: a System of Product Success","slug":"7-steps-of-30x500","date":"2020-09-20T00:00:00.000Z"}},"next":{"id":"2a32d660-791f-5332-a5e7-fbe5fc16bbe1","parent":{"name":"index","sourceInstanceName":"blog"},"excerpt":"If you want to jump right to the finish line and have an existing Github repository you want to run tests on, drop the following into a file here  .github/workflows/tests.yml  and you'll be running your tests whenever you push to your main branch or…","fields":{"title":"Continuous Integration with Jest Tests and Github Actions","slug":"jest-and-github-actions","date":"2020-09-10T00:00:00.000Z"}}}},
    "staticQueryHashes": ["1045846374"]}