Maintaining a custom software application takes continuous, and not always easy, effort. Here we'll give some of our recommendations for maintaining your application.
Software dependency upgrades must be done frequently and consistently to make sure your application is kept up to date, secure, and functioning.
Upgrading dependencies is an essential part of software maintenance and part of the cost of owning and running a custom software application.
Our core recommendations for dependency upgrades:
Plan for dependency upgrades throughout the year. Some upgrades should be done yearly, some monthly, and some ad hoc. Some will take hours and some may take weeks. Recognize that part of the yearly budget will need to go to dependency upgrades, and that not every needed upgrade can be planned in advance (e.g. important security patches).
Be aware that your application does not exist in a vacuum; it has many dependencies. Sometimes you will be forced to upgrade a dependency whether you planned to or not, and sometimes an upgrade you want is blocked until other dependencies are upgraded first.
Regularly audit dependencies to check whether any have been deprecated and need to be replaced.
Set up something like Dependabot to automate upgrades that address security vulnerabilities and to make sure those upgrades are deployed in a timely manner.
Be aware of the maintenance policies for the critical dependencies of your application. Rails, for example, has its own maintenance policy that documents which releases receive which types of support.
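As an added example (not code from the original article), here is a small Ruby script that audits the top-level gems in a Gemfile.lock against a maintenance-policy table, covering both the regular audit and the maintenance-policy recommendations above. The lockfile and the SUPPORT_POLICY table are constructed placeholders; replace the table with the current published policy for each critical dependency.

```ruby
# Added example: audit a Gemfile.lock against a maintenance-policy table.
# The lockfile and the policy table below are constructed for illustration.
require "rubygems"

# Hypothetical support table keyed by major.minor series. Fill this from the
# real maintenance policy of each critical dependency (e.g. the Rails policy page).
SUPPORT_POLICY = {
  "rails" => { "7.1" => :bug_fixes, "7.0" => :security_only, "6.1" => :unsupported },
  "puma"  => { "6.4" => :bug_fixes, "5.6" => :unsupported },
}.freeze

# Constructed sample lockfile in Bundler's Gemfile.lock format.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      puma (5.6.8)
        nio4r (~> 2.0)
      rails (7.0.8)
        actionpack (= 7.0.8)
      nio4r (2.7.0)

  PLATFORMS
    ruby

  DEPENDENCIES
    puma
    rails (~> 7.0)
LOCK

# Parse the "specs:" block of a Gemfile.lock into {gem name => locked version}.
# Resolved gems are indented exactly four spaces; their transitive
# requirements are indented six, so the regex below skips them.
def parse_lockfile(text)
  gems = {}
  in_specs = false
  text.each_line do |line|
    in_specs = true if line.strip == "specs:"
    in_specs = false if line =~ /\A\S/ # a new top-level section (PLATFORMS, DEPENDENCIES, ...)
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/)
    gems[m[1]] = m[2] if m
  end
  gems
end

# Map every locked gem that appears in the policy to its support status.
# A series missing from the table is reported as :unknown_series so it gets reviewed.
def audit(gems, policy = SUPPORT_POLICY)
  gems.each_with_object({}) do |(name, version), report|
    next unless policy.key?(name)
    series = Gem::Version.new(version).segments.first(2).join(".")
    report[name] = policy[name].fetch(series, :unknown_series)
  end
end

audit(parse_lockfile(SAMPLE_LOCKFILE)).each { |name, status| puts "#{name}: #{status}" } if __FILE__ == $PROGRAM_NAME
```

Run it against a real lockfile by replacing SAMPLE_LOCKFILE with `File.read("Gemfile.lock")`; anything reported as :security_only, :unsupported or :unknown_series belongs on the upgrade plan.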