by bazqux2 3747 days ago
It worked for me. After countless injections of errors after updating a large list of dependencies, we made the decision to stop updating and freeze the versions, patch remaining errors ourselves and leave it alone. Worked so well we now have time to rebuild the whole front end on a new stack as an experiment instead of wasting time with endless bug hunts.

Maybe bundling is fine for your in-house proprietary software, but it's absolutely not OK for free software where users and administrators need to keep on top of things like security updates. When projects bundle their dependencies, users become dependent on that project to provide critical updates to software that the project didn't even write. This multiplies for each piece of software that bundles their dependencies. It's simply unsustainable and irresponsible.
I agree. Someone making free OS software for others to use shouldn't bundle.

I made the assumption on the top post that they were in-house proprietary software given the reference to keeping everything in git.

I guess we're on the same page! Sorry!