by williamjackson 156 days ago
Thank you for expressing my thoughts as well. The article seems to be full of contradictory “advice”.

Use a dependency cooldown, okay … but don’t commit your lockfile so you are always running the latest transitive deps? That’s nuts.

1 comment

Depends on the package manager. With some you'll get the oldest transitive deps that meet all dependency requirements, not the newest.