UpCy: Safely Updating Outdated Dependencies
Recent research has shown that developers hesitate to update dependencies and mistrust automated approaches such as Dependabot, since they are afraid of introducing incompatibilities that break their project. In fact, these approaches only suggest naive updates for a single outdated library but do not ensure compatibility with other dependent libraries in the project. To alleviate this situation and support developers in finding an update with minimal incompatibilities, we present UpCy. UpCy applies the min-(s,t)-cut algorithm and leverages a graph database of Maven Central to identify valid updates with minimal incompatibilities with other libraries. By creating 29,698 artificial updates in 380 projects, we compare the effectiveness of UpCy with the naive updates applied by state-of-the-art tools. We find that in 41.1% of the cases where the naive approach fails, UpCy generates updates with fewer incompatibilities, and even 70.1% of the generated updates have zero incompatibilities.