> โ—๏ธ TL;DR โ—๏ธ ## Opening self-reflection ๐Ÿค” As I go down the Engineer career path, I never thought carefully about why or when a project should upgrade its dependencies to the latest until recently. I also did not care about new technologies due to this philosophy: > ๐Ÿšจ *If it ain't broken, don't fix it.* I used to search and tried to re-use a 3-year-old unmaintained project when I was a new grad ๐Ÿ’€๐Ÿ’€. Now thinking back, I knew nothing about how the tech industry works, and that using an 3-year-old unmaintained project is even worse than starting a new one from scratch using the latest technologies. This is because the libraries used in the that project were way outdated with bugs that would have been resolved in the later versions. Some libraries might have been deprecated or terminated with no community support. A good example is ReactJs with the migration from class to functional components. By the time of writing this post, I doubt that there are many people who still use class components for their ReactJs projects. ## ๐Ÿ™‹โ€โ™‚๏ธ So, should we always upgrade to the latest versions? **It depends**. The importance of maintaining a project by frequently upgrading its dependencies is without a doubt. However, there are times where things may go wrong affecting the business. Let's analyze together when we should or shouldn't upgrade the dependencies to the latest. ### Benefits ๐Ÿ˜Ž #### 1. Performance improvement In many cases, a version upgrade may greatly increase one's performance because the developers may have identified the bottleneck in their work and improved them. One example of mine is upgrading from Jest to Vitest. *(a bit not related to upgrading a dependency version, but it is close imo)*. Vitest is a modern JavaScript testing tool for both NodeJs and browsers, which is lightweight and extremely fast. It is inspired by Jest. Please take a look at [my other post](https://hackmd.io/@yUbPt4KOSTyuVB8yJXjIug/HkEMPTYL0) to compare Jest and Vitest. By simply switching to Vitest, my test suites ran 3 seconds faster than Jest!! You can check these two Github actions for comparison: - [Github action](https://github.com/oraichain/oraidex-sdk/actions/runs/9935352670/job/27441361074) which used Vitest with features to optimize the performance. ![image](https://hackmd.io/_uploads/SJiXITKO0.png) - [Github action](https://github.com/oraichain/oraidex-sdk/actions/runs/9933513713/job/27436376330) which used Jest. ![image](https://hackmd.io/_uploads/S12w8ptuA.png) I am sure that there are lots of libraries that boosted their performances after an upgrade. If you know any, please comment in this post so I can add them in! #### 2. Reduce development time Sometimes, a version upgrade will help you code faster ๐Ÿ’จ. This is because the maintainers refactored or simplified the way the library works to improve your developer experience. This is especially true when it comes to JavaScript libraries. I believe many of us understand the pain of having a JavaScript library with no type, no interface, no class or method definition. Anddd I've got an example for you: [Tronweb](https://github.com/tronprotocol/tronweb) It was originally written in pure NodeJs without TypeScript. As a result, when using the libray, it was difficult navigating through the arguments, the properties, or the methods that it exposes. It was also slower to code since we would need to check back and forth the implementation of the library versus what we were using to avoid silly runtime errors like *"cannot access property of undefined"* Thankfully, the team has been nagvigating the project to TypeScript in [its latest beta version](https://github.com/tronprotocol/tronweb/releases/tag/v6.0.0-beta.4) to which I migrated an Oraichain Labs' repo. It still has some hickups, but overall it is working well as you can see in [this PR](https://github.com/oraichain/oraidex-sdk/pull/290). #### 3. Fix critical & outdated bugs โ—๏ธโ—๏ธ This point extremely crucial, as it can save you hours of debugging with no result. Some dependency versions are buggy and no longer maintained. The maintainers already published a newer version including all the bugs fixed, and people have moved on from those bugs months or years ago. One example that may catch you suprised is [Yarn](https://github.com/yarnpkg/yarn). Even though the maintainers have moved on to Berry, the active repository of Yarn, lots of developers still use Yarn classic with unresolved bugs. Specifically, those related to workspaces and monorepos, almost none of them are solved in the 1.x version, but in the newer versions of the Berry repo. Below is my attempt to add `axios` dependency into a package within the yarn classic's monorepo: ![image](https://hackmd.io/_uploads/HJrSob5_C.png) ![image](https://hackmd.io/_uploads/BkrYnWqOC.png) The images above show I couldnt use `yarn add` to install `@oraichain/oraidex-common` for the `@oraichain/oraidex-universal-swap` package within the monorepo due to an `nx` error. The same failed with `yarn workspace` ![image](https://hackmd.io/_uploads/HyZz2b5OC.png) The image above shows using `lerna add --scope` is not an option either due to the command being removed in v7 onward. ![image](https://hackmd.io/_uploads/Bk-rabcdC.png) No luck with `lerna exec` either. I searched for answers for hours before quitting. I decided to switch to `Berry` aka Yarn v4.3.1 instead, and oh boy did it work super well. ![image](https://hackmd.io/_uploads/HJgaCb9uC.png) As a result, before you start debugging and searching solutions online, remember to try updating your dependency version first to see if it resolves your issue or not. #### 4.Receive up-to-date support from the community This point is clear enough. ### Downsides #### 1. Compatibility issues ๐Ÿคผโ€โ™‚๏ธ Soooooo, breaking changes = Broken app? ๐Ÿคจ. Most likely if you are not careful. Lots of libraries experience through major updates all the time, with interface to feature changes. There is a clear risk where a feature of your product won't work like it used to be after the update. A good example is the `ethers` JavaScript library, which is: > A complete and compact library for interacting with the Ethereum Blockchain and its ecosystem In version *5.x*, it is very simple and fast to encode or decode a a base58 address by passing a string and a bytes like argument respectively. For example: `ethers.utils.base58.decode(base58-string-here)`, which returns a Buffer. However, in version *6.x*, the entire library has an entire different interface scheme and a seperate documentation page. The above method is changed to `ethers.decodeBase58(base58-string-here)`, which weirdly returns a bigint????? #### 2. Effort ๐Ÿ˜ฎโ€๐Ÿ’จ Sometimes, the effort to update a version is so costly, that it is not worth it. However, if the new version has a killer feature or fixes a super dangerous security bug, then we should consider maintaining both versions at the same time until the updated one is done updating. This can be done by Github version control via branches and tags. The production version can still use the stable version, while the team dedicates a different branch for version pumping. #### 3. Stability ๐Ÿฅ In many cases, the new version actually introduces new and serious bugs that should be avoided at all costs. Interestingly, I have a very relatable example for this section below. I am an active maintainer for the Oraichain mainnet, an AI Layer 1 for Data Economy and oracle Services, which uses Cosmos SDK underneath. By the time of writing, Cosmos SDK is at version **v0.50.8**, while Oraichain is at **v0.45.16**, which is quite outdated. However, during the process from 45x to 50x, Cosmos SDK suffered from several critical security bugs, and these versions had to be deprecated and killed at once. Since we did not upgrade to those versions, we dodged several bullets ๐Ÿ˜Ž. In fact, it seems that the 45x line is very stable with no major bugs found. ## Best Practices - It is recommended to update dependency versions every now and then. - Be careful with compatibilities and unstable versions. Always test and test and test!! - When in doubt, ask for another person's opinion. - Read tech news articles and actively look for new and better technologies to improve performance and reduce development time. ## Closing thoughts This article has been long. If you have any comments or suggestions, feel free to share them. I will take all of the constructive critisms and learn from them. If you find this article helpful, please like and share! Thank you for reading!