Keep Your Dependencies in Check • Marit van Dijk • GOTO 2023

This presentation was recorded at GOTO Copenhagen 2023.

Marit van Dijk - Developer Advocate at JetBrains & Open Source Contributor @maritvandijk

RESOURCES
@maritvandijk
@mlvandijk

ABSTRACT
If Log4Shell, Spring4Shell, etc. have taught us anything, it’s that we need to keep our dependencies up to date. But updating our applications can take a lot of time. How do we stay on top of that, while also continuing to deliver business value? Luckily, there are plenty of tools that can help us with this, from package managers to bots that can automatically create changes on our repositories. Let’s go over some of the different options, so we can make informed choices about what’s best for us in a particular situation. [...]

TIMECODES
00:00 Intro
00:27 Open source software
02:00 Log4j
03:30 Spring4Shell
05:06 Do we need this dependency?
05:33 Selecting dependencies
10:03 Dependency information
12:54 Maintain dependencies
13:06 Maven
15:01 Gradle
15:41 Demo
19:43 IntelliJ IDEA
19:52 Pros & cons
20:23 Software composition analysis
21:45 Dependabot
24:24 Renovate
26:46 Snyk open source
30:17 Bots: Pros & cons
32:02 Migration tools
33:04 Error Prone
34:43 OpenRewrite
36:58 Conclusion
37:14 Outro

RECOMMENDED BOOKS
Mark Seemann & Steven van Deursen • Dependency Injection Principles, Practices & Patterns
Heather Meeker • A Practical Guide to Open Source Software Licensing
Mark Seemann • Dependency Injection in .NET