
Comment by selcuka

1 day ago

> you just want to see that the file changed

I check the diff for uv.lock (Python counterpart of package-lock.json) every time I merge a PR. It is important to know which direct or transient dependencies have been updated. We don't blindly bump all dependencies to the latest versions (you shouldn't either).

Python packages aren't quite so insane on transitive dependencies. The diff of package-lock.json can be novel length.

  • write your requirement.txt files via

        pipdeptree --freeze

    to see this clearly

Same - I check the changelog for every major (== minor if v0) and some minor version changes in most of my projects, including at work. I've caught quite a lot of would-have-broken-something changes, and opportunities for fixes/optimizations/etc by doing so. And sometimes they mention fixing a bug we didn't know we had, so we learned about it early before it corrupted too much data.

  • It's nice to have that luxury, we just don't have the manpower to devote to that. Major versions sure, otherwise it's just update and run test-suite and some smoke tests.