Comment by johtso
2 months ago
Maybe one approach would be to pin all dependencies, and not use any new version of a package until it reaches a certain age. That would hopefully be enough time for any issues to be discovered?
People living on the latest packages with their dependabots never made any sense to me, ADR. They trusted their system too much
If you don't review the pinned versions, it makes no difference.
Packages can still be updated, even if pinned. If a dependency of a dependency is not pinned, it can still be updated.
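Taking the two points in this subthread together (pin everything and only adopt a release once it has been public for a minimum age, and the reply that an unpinned transitive dependency still floats), here is an added example that is not part of the thread and not anyone's tooling: a small Python audit that resolves a root requirement and all of its transitive dependencies to the newest release old enough to pass a cooldown, and a checker that flags a lock file for unpinned entries, releases younger than the cooldown, and transitive dependencies missing from the lock. The package names, release dates and dependency graph in `RELEASES` and `DEPENDS_ON` are constructed for the example; in practice they would come from the registry's release metadata (the PyPI JSON API, `npm view <pkg> time`, and so on).

```python
"""Cooldown-aware dependency locking and lock-file audit (constructed example)."""
from __future__ import annotations

import re
from datetime import date, timedelta

# Constructed stand-in for registry release metadata: package -> version -> publish date.
RELEASES: dict[str, dict[str, date]] = {
    "webframework": {"2.0.0": date(2024, 1, 10), "2.1.0": date(2024, 3, 1)},
    "httplib": {"1.4.0": date(2023, 11, 20), "1.5.0": date(2024, 2, 28)},
    "parserlib": {"0.9.0": date(2023, 6, 1), "0.9.1": date(2024, 3, 2)},
}
# Constructed dependency metadata: what each released version itself requires.
DEPENDS_ON: dict[tuple[str, str], list[str]] = {
    ("webframework", "2.0.0"): ["httplib>=1.4", "parserlib"],
    ("webframework", "2.1.0"): ["httplib>=1.5", "parserlib"],
    ("httplib", "1.4.0"): [], ("httplib", "1.5.0"): [],
    ("parserlib", "0.9.0"): [], ("parserlib", "0.9.1"): [],
}
TODAY = date(2024, 3, 5)          # fixed "now" so the example is reproducible
MIN_AGE = timedelta(days=14)      # cooldown a release must survive before we adopt it

_REQ = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*(?:(==|>=|<=|>|<)\s*([0-9][A-Za-z0-9_.-]*))?\s*$")
_OPS = {"==": lambda a, b: a == b, ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
        ">": lambda a, b: a > b, "<": lambda a, b: a < b}


def parse_requirement(line: str) -> tuple[str, str | None, str | None]:
    """Split 'name>=1.4' into (name, operator, version); a bare name gives (name, None, None)."""
    m = _REQ.match(line)
    if not m:
        raise ValueError(f"cannot parse requirement: {line!r}")
    name, op, version = m.groups()
    return name.lower(), op, version


def satisfies(version: str, op: str | None, wanted: str | None) -> bool:
    """Numeric dotted-version comparison; '1.4' is padded to '1.4.0' before comparing."""
    if op is None:
        return True
    a = tuple(int(p) for p in version.split("."))
    b = tuple(int(p) for p in wanted.split("."))
    n = max(len(a), len(b))
    return _OPS[op](a + (0,) * (n - len(a)), b + (0,) * (n - len(b)))


def build_cooled_lock(roots: list[str], today: date, min_age: timedelta) -> dict[str, str]:
    """Resolve roots and every transitive dependency to the newest release at least min_age old."""
    chosen: dict[str, str] = {}
    queue = list(roots)
    while queue:
        name, op, wanted = parse_requirement(queue.pop(0))
        if name in chosen:                       # already resolved: just check the constraint
            if not satisfies(chosen[name], op, wanted):
                raise RuntimeError(f"{name}=={chosen[name]} does not satisfy {op}{wanted}")
            continue
        candidates = [(d, v) for v, d in RELEASES.get(name, {}).items()
                      if today - d >= min_age and satisfies(v, op, wanted)]
        if not candidates:
            raise RuntimeError(f"{name}: no release matching {op or ''}{wanted or ''} "
                               f"is at least {min_age.days} days old")
        chosen[name] = max(candidates)[1]        # newest by publish date among eligible
        queue.extend(DEPENDS_ON.get((name, chosen[name]), []))   # follow transitive deps
    return chosen


def audit_lock(lock_lines: list[str], today: date, min_age: timedelta) -> list[str]:
    """Return policy findings for a lock file; an empty list means the lock passes."""
    findings: list[str] = []
    pinned: dict[str, str] = {}
    for line in lock_lines:
        name, op, version = parse_requirement(line)
        if op != "==":                           # ranges and bare names still float
            findings.append(f"{name}: not pinned to an exact version ({line.strip()})")
            continue
        pinned[name] = version
    for name, version in pinned.items():
        released = RELEASES.get(name, {}).get(version)
        if released is None:
            findings.append(f"{name}=={version}: unknown release")
            continue
        age = today - released
        if age < min_age:
            findings.append(f"{name}=={version}: only {age.days} days old (min {min_age.days})")
        for dep in DEPENDS_ON.get((name, version), []):
            dep_name, dop, dwanted = parse_requirement(dep)
            if dep_name not in pinned:           # the "dependency of a dependency" case
                findings.append(f"{name}=={version}: transitive dependency {dep_name} is not in the lock")
            elif not satisfies(pinned[dep_name], dop, dwanted):
                findings.append(f"{name}=={version}: needs {dep}, lock has {dep_name}=={pinned[dep_name]}")
    return findings


if __name__ == "__main__":
    lock = build_cooled_lock(["webframework"], TODAY, MIN_AGE)
    print(lock)
    print(audit_lock(["webframework==2.0.0", "httplib>=1.4", "parserlib"], TODAY, MIN_AGE))
```

With the cooldown set to zero the resolver picks `webframework==2.1.0` and `httplib==1.5.0` (both published within the last week of the constructed data), which the audit then rejects at fourteen days; a lock that pins only the root and leaves `httplib>=1.4` and `parserlib` as ranges passes the age check but is flagged twice for unpinned entries and twice for transitive dependencies that are not in the lock.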