Breaking changes & upgrade impact analysis

Breaking changes

Aikido makes an assessement on whether a version upgrade contains breaking changes by looking at the changelogs of the library.

Clicking on an open-source dependency issue in the Aikido feed will pop up the issue details showing the minimal version upgrade required to fix the issue. In this Spring Security example below, CVE-2023-34034 will be fixed by upgrading from version 6.1.0 to version 6.1.2. Aikido has determined that there are no breaking changes in this update, shown by the ✅.

Clicking the ✅ reveals the details and a link to the changelogs. In this case there are no breaking changes.

If there are breaking changes like for this Tomcat upgrade from version 8.5.11 to version 9.0.99, Aikido shows a ⚠️ icon.

Clicking the ⚠️ reveals a description of the breaking changes and a link to the changelog.

Upgrade impact analysis

Even if there are breaking changes in the dependency update, this does not mean your code is affected by these changes. The breaking changes could be in a function that is not used in your codebase. Upgrade impact analysis goes one step further by scanning the codebase for usages of the library to determine whether the breaking changes are impacting your codebase.

Aikido AutoFix performs upgrade impact analysis when a pull request is created. The description of the pull request will contain the result of the analysis, falling into 1 of these 3 categories:

• There are no breaking changes in the library upgrade ✅

• There are breaking changes but they are not affecting your codebase ✅

• There are breaking changes that affect your codebase, manual mitigation is required ⚠️

In the example below mongoose is updated from version 5.13.21 to 6.13.6. The pull request shows there are 2 breaking changes affecting the codebase and outlines which files are affected and what the impact is: