Hi Ido! I completely agree, in this article I tried to cover the basic points without going too deep. Ideally we would not have to worry about breaking changes if we follow SemVer correctly, but in reality there are package updates which introduce breaking changes which sometimes not even the package maintainers are aware of. In this case, it will be best to pin dependencies, but it should be used as a last resort.
I disagree on always pinning all dependencies since the dependency tree will keep updating anyway, and any security fixes in the package updates will be missed. But these priorities change depending on the type of project we're working with. I think there is no right-wrong answer here, but a discussion on the matter is important.
Thank you for your input. I wasn't aware of the tools you have provided. Will take a look at them!