It depends:

- Is it a reasonable time expenditure relative to other priorities (an indie dev doing an MVP is quite different from a 20-person team at a bank)?
- Are the dependencies "large" (framework level) or "small" (tiny, focused library)?
- Can you rely on semantic versioning to give a clue as to upgrade cost?
- How long since you last upgraded (further behind means much more breakage)?
- Does the language / platform you use make it easy (i.e. do you need to synchronize native libraries as well)?
- Can you depend on your build system to reliably test the upgrade and report stability?
- Do you have higher-than-usual dependency requirements (security, compliance, risk reviews, license review, approvals)?

Having said all that, I upgrade our dependencies every month. It only takes a couple of hours and very rarely causes issues (maybe 1 in 6 monthly upgrades requires an extra hour to identify a regression in a newer version and add a comment with an issue tracker link to pause upgrades of that dependency until it's fixed).