English

Dependency Update Adoption Patterns in the Maven Software Ecosystem

Software Engineering 2025-04-11 v1

Abstract

Regular dependency updates protect dependent software components from upstream bugs, security vulnerabilities, and poor code quality. Measures of dependency updates across software ecosystems involve two key dimensions: the time span during which a release is being newly adopted (adoption lifespan) and the extent of adoption across the ecosystem (adoption reach). We examine correlations between adoption patterns in the Maven software ecosystem and two factors: the magnitude of code modifications (extent of modifications affecting the meaning or behavior of the code, henceforth called ``semantic change") in an upstream dependency and the relative maintenance rate of upstream packages. Using the Goblin Weaver framework, we find adoption latency in the Maven ecosystem follows a log-normal distribution while adoption reach exhibits an exponential decay distribution.

Keywords

Cite

@article{arxiv.2504.07310,
  title  = {Dependency Update Adoption Patterns in the Maven Software Ecosystem},
  author = {Baltasar Berretta and Augustus Thomas and Heather Guarnera},
  journal= {arXiv preprint arXiv:2504.07310},
  year   = {2025}
}

Comments

Pre-print for MSR 2025, see https://2025.msrconf.org/details/msr-2025-mining-challenge/19/Dependency-Update-Adoption-Patterns-in-the-Maven-Software-Ecosystem

R2 v1 2026-06-28T22:52:58.928Z