[hombre_fatal]

Node deps are pinned: https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-j...

The problem is that you also want to update deps.

[bfivyvysj]

Why?

[NetMageSCW]

Because they could have a security flaw that might compromise your project or any users of it.

[vablings]

For any of my rust projects I really don't bump my deps unless dependabot shows a serious vulnerability or I want to use a new feature added. Outside of that my deps are locked to the last known good version i use.