
Ask HN: How do you keep up with changes to open source deps. - davidrusu
We use a lot of open source code and it changes a lot, we try to stay current by updating dependencies on roughly a half-year cadence.

Most of the time we are able to catch any regressions before they hit production but there's a few that always make it through.

We've been discussing implementing some more structured way of reviewing changes to external dependencies, perhaps assigning individuals/teams to watch a dependency and review any changes as they come in.

I'm curious to hear HN's thoughts, how have y'all been dealing with changes to external dependencies? Any approaches that you'd recommend?
======
fmakunbound
I pick a platform/language that's stable. e.g. Common Lisp.

The libraries everyone uses typically don't change -- you can usually get away
with not even specifying a version number.

The language hasn't changed since being standardized decades ago. That doesn't
mean it's deficient -- it's a programmable programming language, thus various
things that are features of other languages are just more libraries in Common
Lisp.

~~~
davidrusu
Sounds like you avoid the problem entirely, wish we could do the same but
we've committed to working in an ecosystem that is still quite nascent, which
leads to a lot of churn in our deps.

------
JVillella
Can you fully lock down your dependencies and look at the diffs whenever you
attempt an update?

~~~
JVillella
This project looks interesting as well:
[https://github.com/crev-dev/crev](https://github.com/crev-dev/crev)

