Ask HN: How do you keep up with changes to open source deps.

4 points by davidrusu 5 years ago | 4 comments

We use a lot of open source code and it changes a lot, we try to stay current by updating dependencies on roughly a half-year cadence.

Most of the time we are able to catch any regressions before they hit production but there's a few that always make it through.

We've been discussing implementing some more structured way of reviewing changes to external dependencies, perhaps assigning individuals/teams to watch a dependency and review any changes as they come in.

I'm curious to hear HN's thoughts, how have y'all been dealing with changes to external dependencies? any approaches that you'd recommend?

fmakunbound 5 years ago |

I pick a platform/language that's stable. e.g. Common Lisp.

The libraries everyone use typically don't change -- you can usually get away with not even specifying a version number.

The language hasn't changed since being standardized decades ago. That doesn't mean its deficient -- it's a programmable programming language, thus various things that are features of other languages are just more libraries in Common Lisp.

davidrusu 5 years ago | |

Sounds like you avoid the problem entirely, wish we could do the same but we've committed to a working in a ecosystem that is still quite nascent which leads to a lot of churn in our deps.

JVillella 5 years ago |

Can you fully lockdown your dependencies and look at the diffs whenever you attempt an update?

JVillella 5 years ago | |

This project looks interested as well https://github.com/crev-dev/crev