Bumping dependencies and working with Github's dependabot
I’m pretty impressed with Github’s dependabot service. It’s figured out what dependencies for this repo are out of date, and can upgrade them even if it requires upgrading a group together at once.
Bit rot is a thing. Keeping this blog’s static site generator up to date is an ongoing task, and I’m a bit behind. Dependabot has informed me that a group of 5 dependencies needs to be upgraded together:
- rack from 1.6.13 to 2.2.2
- middleman from 3.4.1 to 4.3.6
- middleman-s3_sync from 3.0.47 to 4.0.3
- middleman-blog from 3.5.3 to 4.0.3
- middleman-syntax from 1.2.1 to 3.2.0
This dependabot PR has been open since December, and I’ve taken a couple of brief looks at what the upgrade looks like. All css and assets disappear from the page, I believe because middleman or middleman-blog moved away from using Sprockets, an asset pipeline builder from Rails. I’ve read that Rails has deprecated and phased out Sprockets, so this move makes sense on middleman’s part.
For today, like on the other days I’ve blogged recently, I want this to be a short activity. I did spend some time trying to upgrade dependencies, and upgraded some transitive dependencies to at least shrink down the dependabot PR. The big version adjustment will have to wait until another day.
I am reminded of other tech blogs I’ve read that mention maintenance costs of their blogs. It seems to be a common trajectory that a tech blog eventually goes from self hosted or static to using a hosted service like Wordpress. I can see why. For now, I think the Ruby world is still cool, and I’d like to eventually see what it’s moved onto from Sprockets.