top | item 46659732

(no title)

Thank you for expressing my thoughts as well. The article seems to be full of contradictory “advice”.

Use a dependency cooldown, okay … but don’t commit your lockfile so you are always running the latest transitive deps? That’s nuts.

discuss

Uvix|1 month ago

Depends on the package manager. With some you'll get the oldest transitive deps that meet all dependency requirements, not the newest.