I'm a self-taught dev focused on websites and Python development.
My friends call me the "Data Genie".
When I get bored, I find tech to read about, write about and build things with.
It comes down to preference. In general in software you should lock your versions especially for software maintained by other people. I am going to edit to use v2 above consistently. You can use @v2.3.4 if you need more control.
If you use @master you will get any commits on master, regardless of what is tagged and this introduces risk because that commit might be failing build (tests fail or bad syntax).
And if the author makes a significant changes from v2.0.0 to v3.0.0 that is not backwards compatible, your next workflow run could break. Like if you pass an argument as foo-bar but in the new version it is foo_bar then you'll silently pass a useless parameter.
So lock the version. And bump the version if you want a feature or fix or maybe a vulnerability fix.
When new version comes out, wait for it to be around a while (bugs get fixed and the version gets widely used) then you can adopt it as well.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hey Sam.
It comes down to preference. In general in software you should lock your versions especially for software maintained by other people. I am going to edit to use v2 above consistently. You can use
@v2.3.4if you need more control.If you use
@masteryou will get any commits on master, regardless of what is tagged and this introduces risk because that commit might be failing build (tests fail or bad syntax).And if the author makes a significant changes from
v2.0.0tov3.0.0that is not backwards compatible, your next workflow run could break. Like if you pass an argument asfoo-barbut in the new version it isfoo_barthen you'll silently pass a useless parameter.So lock the version. And bump the version if you want a feature or fix or maybe a vulnerability fix.
When new version comes out, wait for it to be around a while (bugs get fixed and the version gets widely used) then you can adopt it as well.