On Wed, Nov 20, 2019 at 1:43 PM Luke Cwik <[email protected]> wrote:
>
> Minor note that Gradle 5 added support for BOMs[1].
>
> I think attempting to perform the upgrade (whether to use BOM or not) will be
> a concerted effort every time to minimize the amount of breakage to users
> while maximizing compatibility with the OSS ecosystem. Unfortunately I'm not
> aware of any dependency analysis tooling that can perform some validation
> stating that something is safe or not. If such a tool existed, it would make
> it much easier for projects to perform upgrades and would also help users as
> well.

Funny you should ask. We've been working on tooling like that, such as the linkage monitor and the Maven enforcer rule:

https://github.com/GoogleCloudPlatform/cloud-opensource-java

Mostly Maven-based for the time being, but updates are possible.

At the end of the day, though, this is no substitute for extensive unit and integration test suites. If we don't have those, then dependencies are the least of our worries. If we do have those, we can move forward in reasonable confidence that minor version upgrades won't break anything without causing a test to fail.

--
Elliotte Rusty Harold
[email protected]
