bumble-tech
Introduce automatic dependency update tool
There are quite a few libraries in the project that are out of date. Rather than having to remember to check these occasionally (and potentially wait months), we should investigate using a tool that does this automatically.
Unfortunately dependabot does not work with Gradle Version Catalogues (link), so we should use a different solution for now.
It looks like square is using 'Renovate' (example) which looks like it works with version catalogues. This tool potentially needs to be installed as an app, though I did see something about being able to 'self-host' and use a Github action.
This tool will automatically raise PRs for us when a new dependency is available, and will help us avoid being very out of date.
In this case we have to update our internal versions too (otherwise it will be updated implicitly via transitive dependency). e.g. see https://github.com/bumble-tech/appyx/pull/44.
For everything except Compose it is OK to be out of date. The only dependency we use is androidx, which is subject to at least ABI compatibility (and most of the time but not always behavioural).
For example in this PR #115 I am introducing dagger hilt. It's not working without dependency updates.
Also, I found in that PR that the androidx lifecycle library has a change that breaks one of our tests, potentially meaning that our usage of the library may not work in future versions.
It's worthwhile keeping up to date for situations like this
+1 for maintaining regular updates of dependencies if possible. Much better to keep on top of things with a regular update schedule than to end up being unable to make a critical update because of too many incompatible dependencies.
