To content
Software Supply Chain Security

Stability of Software Component Updates Improved Significantly

-
in
  • News
  • Forschung
Logo von der ICSM 2023 © ©ICSE
ICSM 2023

Our novel approach makes update decisions more stable and predictable allowing for better automation.

In UPCY: Safely Updating Outdated Dependencies - just presented at the ICSE 2023 conference - we improve automated dependency upgrades for software systems by computing update suggestions with minimal incompatibilities. Better automation for software component dependency upgrade is essential for its adoption in software engineering and will help to make software component supply chains more reliable and secure. With UpCy we can suggest update configurations that have zero incompatibilities in 99% of cases in our extensive evaluation. In cases with incompatibilities UpCy generates update configurations with fewer incompatibilities than state-of-the-art tools. We achieve this by treating dependency upgrades as a graph-theoretic problem and apply the min-(s,t)-cut algorithm on a complete dependency graph for Maven Central supported by a graph database.

The IEEE/ACM International Conference on Soft­ware Engineering (ICSE), is the premier software engineering con­fe­rence. Since 1975, it is a well-recognized annual forum where re­search, practice, and education in the field of software engineering meet and discuss. With an h5-index of 76 it is the #1 publication venue in the field of software systems accoding to Google Scholar. 

Link to our talk entry on the ICSE website

UpCy: Safely Updating Outdated Dependencies
Andreas Dann, Ben Hermann, and Eric Bodden
In Proceedings of the IEEE/ACM 45th International Conference on Software Engineering (ICSE)
DOI: 10.1109/ICSE48619.2023.00031

Preprint PDF (388 KB)