
It's the dependency updates. It doesn't consider if the update makes sense or not. If it fixes vulnerabilities it must be updated, but just for the sake of updating, I don't see the point.



If you don’t want to update dependencies frequently, then you should probably stop using (or reconfigure) the tool whose primary purpose is to help you update dependencies more frequently ;)


Well, I can't not use it since it's a company-wide policy, but I agree with you.


The main reason to update dependencies is that when emergencies do arise, you don't want to be in the situation where your only options are:

1. take on the additional risk of months or years of changes in between

2. beg or plead with (or throw money at) upstream to patch your old version

3. attempt to patch it yourself, potentially introducing new issues because you're not the domain expert



