item 45268654 (no title)

johtso | 5 months ago
Maybe one approach would be to pin all dependencies, and not use any new version of a package until it reaches a certain age. That would hopefully be enough time for any issues to be discovered?

rapfaria | 5 months ago
People living on the latest packages with their dependabots never made any sense to me, ADR. They trusted their system too much.

LtWorf | 5 months ago
If you don't review the pinned versions, it makes no difference.

pfych | 5 months ago
Packages can still be updated, even if pinned. If a dependency of a dependency is not pinned - it can still be updated.
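An added example, not part of the thread: a check that combines the pin-and-wait idea from the first comment with the transitive-dependency caveat from the last one. The package names, versions, dates and the 14-day window are all constructed for illustration; the thread names no ecosystem and no specific age.

```python
from datetime import datetime, timedelta, timezone

MIN_AGE = timedelta(days=14)  # assumed cooling-off window, not a value from the thread

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

# Constructed sample data (hypothetical packages).
# DEPS: what each package declares; "app" is the project itself.
DEPS = {
    "app": {"webkit": "2.4.1", "logfmt": "1.0.3"},
    "webkit": {"tinyparse": "^3.1.0"},   # transitive range, see LOCK below
    "logfmt": {"colorz": "0.9.2"},
}
# LOCK: exact versions the project has pinned. tinyparse is missing on purpose.
LOCK = {"webkit": "2.4.1", "logfmt": "1.0.3", "colorz": "0.9.2"}
# PUBLISHED: release time of each pinned version, as a registry would report it.
PUBLISHED = {
    ("webkit", "2.4.1"): utc(2025, 6, 1),
    ("logfmt", "1.0.3"): utc(2025, 9, 17),
    ("colorz", "0.9.2"): utc(2024, 11, 5),
}
NOW = utc(2025, 9, 20)  # fixed "today" so the result is reproducible

def audit(deps, lock, published, now, min_age=MIN_AGE):
    """Walk the whole dependency tree and return sorted (package, problem) pairs."""
    findings, seen, stack = [], set(), ["app"]
    while stack:
        for name, spec in deps.get(stack.pop(), {}).items():
            if name in seen:
                continue
            seen.add(name)
            stack.append(name)  # descend so transitive deps are checked too
            version = lock.get(name)
            if version is None:
                # Not pinned anywhere: the range is resolved at install time,
                # so a fresh release can arrive despite the direct pins.
                findings.append((name, f"unpinned: {spec} resolves at install time"))
                continue
            age = now - published[(name, version)]
            if age < min_age:
                findings.append((name, f"too new: {version} is {age.days}d old"))
    return sorted(findings)

if __name__ == "__main__":
    for package, problem in audit(DEPS, LOCK, PUBLISHED, NOW):
        print(f"{package}: {problem}")
```
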