Comment by williamjackson
11 hours ago
Thank you for expressing my thoughts as well. The article seems to be full of contradictory “advice”.
Use a dependency cooldown, okay … but don’t commit your lockfile so you are always running the latest transitive deps? That’s nuts.
Depends on the package manager. With some you'll get the oldest transitive deps that meet all dependency requirements, not the newest.
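To make the disagreement above concrete, here is an added, constructed Python model (not code from the article or from either commenter) of a cooldown applied under the two resolution policies mentioned: a resolver that prefers the newest version satisfying a range (npm/yarn style) versus one that prefers the oldest (Go modules' minimal version selection), plus a check of an already pinned lockfile against the same cooldown. The package name, versions and publish dates are invented sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed registry: publish time of each version of a hypothetical package.
UTC = timezone.utc
REGISTRY = {
    "widget": {
        "1.2.0": datetime(2024, 5, 1, tzinfo=UTC),
        "1.2.1": datetime(2024, 5, 20, tzinfo=UTC),
        "1.3.0": datetime(2024, 6, 1, tzinfo=UTC),
    }
}
NOW = datetime(2024, 6, 5, tzinfo=UTC)  # constructed "current" time for the demo

def parse(v):
    return tuple(int(x) for x in v.split("."))

def satisfies_caret(spec, version):
    """Caret range as in npm: ^1.2.0 means >=1.2.0 and <2.0.0 (major > 0 only)."""
    lo = parse(spec.lstrip("^"))
    hi = (lo[0] + 1, 0, 0)
    return lo <= parse(version) < hi

def resolve(name, spec, now, cooldown_days, prefer="newest"):
    """Pick a version matching spec, ignoring releases younger than the cooldown.
    prefer="newest" models npm/yarn-style resolution of an unpinned range;
    prefer="oldest" models a minimal-version resolver such as Go modules."""
    cutoff = now - timedelta(days=cooldown_days)
    ok = [v for v, published in REGISTRY[name].items()
          if satisfies_caret(spec, v) and published <= cutoff]
    if not ok:
        return None
    return max(ok, key=parse) if prefer == "newest" else min(ok, key=parse)

def lockfile_violations(lock, now, cooldown_days):
    """Return (name, version) pairs from a pinned lockfile whose version was
    published more recently than the cooldown allows."""
    cutoff = now - timedelta(days=cooldown_days)
    return [(n, v) for n, v in lock.items() if REGISTRY[n][v] > cutoff]

if __name__ == "__main__":
    print(resolve("widget", "^1.2.0", NOW, 7))             # 1.2.1: newest but cooled down
    print(resolve("widget", "^1.2.0", NOW, 7, "oldest"))   # 1.2.0: minimal version wins
    print(resolve("widget", "^1.2.0", NOW, 0))             # 1.3.0: no cooldown, 4-day-old release
    print(lockfile_violations({"widget": "1.3.0"}, NOW, 7))  # [('widget', '1.3.0')]
```

Without a lockfile the newest-first resolver only respects the cooldown if the resolver itself enforces it; with a lockfile the pin is stable, but the same cooldown check still has to run whenever the pin is bumped.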