Ask HN: How do you keep up with changes to open source deps?

4 points | davidrusu | 5 years ago

We use a lot of open source code and it changes a lot; we try to stay current by updating dependencies on roughly a half-year cadence.

Most of the time we are able to catch any regressions before they hit production, but there are a few that always make it through.

We've been discussing implementing some more structured way of reviewing changes to external dependencies, perhaps assigning individuals/teams to watch a dependency and review any changes as they come in.

I'm curious to hear HN's thoughts. How have y'all been dealing with changes to external dependencies? Any approaches that you'd recommend?

4 comments

fmakunbound|5 years ago

I pick a platform/language that's stable, e.g. Common Lisp.

The libraries everyone uses typically don't change -- you can usually get away with not even specifying a version number.

The language hasn't changed since being standardized decades ago. That doesn't mean it's deficient -- it's a programmable programming language, thus various things that are features of other languages are just more libraries in Common Lisp.

davidrusu|5 years ago

Sounds like you avoid the problem entirely. Wish we could do the same, but we've committed to working in an ecosystem that is still quite nascent, which leads to a lot of churn in our deps.