Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Pin dependency versions

See original GitHub issue

Creating this issue for discussion. Happy to not do it—this is just a suggestion.

Pinning versions is generally good practice, in my opinion, because it means that we know exactly what gets installed in development and on our users’ machines. And we’re all touching this project so frequently that it’s unlikely we’ll let something get super stale.

Installation process for a new package becomes

npm install --save-exact some-package

Issue Analytics

State:
Created 2 years ago
Comments:7 (7 by maintainers)

Top GitHub Comments

2reactions

threepointonecommented, Jan 11, 2022

Reasonable points. Yeah, let’s pin versions.

I’d like to still discuss renovate/dependabot auto updates separately. I don’t agree that all dependencies have to be constantly updated (especially know how they’re usually built and pushed out there.) Happy to narrow it down to actual security issues and such, but even then I’d prefer a more nuanced approach.

1reaction

petebacondarwincommented, Jan 11, 2022

For sure, we should discuss renovate separately - there is no rush for that.