by johtso, 276 days ago
Maybe one approach would be to pin all dependencies, and not use any new version of a package until it reaches a certain age. That would hopefully be enough time for any issues to be discovered?
rapfaria, 276 days ago
People living on the latest packages with their dependabots never made any sense to me, ADR. They trusted their system too much.
LtWorf, 276 days ago
If you don't review the pinned versions, it makes no difference.
pfych, 276 days ago
Packages can still be updated, even if pinned. If a dependency of a dependency is not pinned, it can still be updated.
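An added example (not from the thread or any project) that combines johtso's minimum-age idea with pfych's point about unpinned lines: it audits a requirements file against a release index shaped like PyPI's per-package release map, rejecting pins younger than the policy threshold and any line that is not an exact `==` pin. The package names, versions, upload dates and the fixed clock are all constructed.

```python
# Added example (not from the thread): minimum-age policy for exact pins, plus a check
# that every line is pinned exactly. Index, requirements and clock are constructed.
from datetime import datetime, timedelta, timezone
import re

NOW = datetime(2024, 5, 15, tzinfo=timezone.utc)  # constructed clock

# Constructed release index shaped like PyPI's 'releases' map: version -> upload time.
RELEASE_INDEX = {
    "leftpad": {"1.0.0": "2024-01-10T12:00:00Z",
                "1.0.1": "2024-03-02T08:30:00Z",
                "1.1.0": "2024-04-28T17:45:00Z"},  # 16 days old at NOW
    "requests": {"2.31.0": "2023-05-22T10:00:00Z"},
}
# Constructed requirements.txt: a too-new pin, a mature pin, and an unpinned range.
REQUIREMENTS = "leftpad==1.1.0\nrequests==2.31.0\nurllib3>=2.0\n"
PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([^\s;#]+)")

def _parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def mature_versions(package, min_age_days, now=NOW, index=RELEASE_INDEX):
    """Versions of `package` at least `min_age_days` old at `now`, oldest first.
    Versions are compared as dotted integers; real code should use packaging.version."""
    cutoff = now - timedelta(days=min_age_days)
    ok = [v for v, ts in index.get(package, {}).items() if _parse_ts(ts) <= cutoff]
    return sorted(ok, key=lambda v: tuple(int(x) for x in v.split(".")))

def audit_requirements(text, min_age_days, now=NOW, index=RELEASE_INDEX):
    """Return (line, verdict) per requirement line; anything but 'ok' should fail CI."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:  # a range or bare name lets the resolver pull a brand-new release
            findings.append((line, "not pinned exactly"))
            continue
        name, version = m.group(1).lower(), m.group(2)
        released = index.get(name, {}).get(version)
        if released is None:
            findings.append((line, "version not in release index"))
        elif _parse_ts(released) > now - timedelta(days=min_age_days):
            age = (now - _parse_ts(released)).days
            findings.append((line, f"too new: {age} days old, policy requires {min_age_days}"))
        else:
            findings.append((line, "ok"))
    return findings
```

The unpinned-line check only covers what is listed in the file; transitive dependencies need a full lockfile (for example `pip freeze` output or a resolver-generated lock) fed through the same audit.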