HACKER Q&A
📣 davidrusu

How do you keep up with changes to open source deps?


We use a lot of open source code and it changes a lot, we try to stay current by updating dependencies on roughly a half-year cadence.

Most of the time we are able to catch any regressions before they hit production but there's a few that always make it through.

We've been discussing implementing some more structured way of reviewing changes to external dependencies, perhaps assigning individuals/teams to watch a dependency and review any changes as they come in.

I'm curious to hear HN's thoughts. How have y'all been dealing with changes to external dependencies? Any approaches that you'd recommend?


  👤 fmakunbound Accepted Answer ✓
I pick a platform/language that's stable. e.g. Common Lisp.

The libraries everyone uses typically don't change -- you can usually get away with not even specifying a version number.

The language hasn't changed since being standardized decades ago. That doesn't mean it's deficient -- it's a programmable programming language, thus various things that are features of other languages are just more libraries in Common Lisp.


👤 JVillella
Can you fully lockdown your dependencies and look at the diffs whenever you attempt an update?
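One way to put the "lock down and diff on every update" approach into practice, as an added example that is not code from anyone in this thread: pin every dependency with its artifact hashes (pip's `--hash` requirements format is used here), and diff the old and new lockfile before merging an update. The script below parses two such lockfiles and separates the changes a reviewer cares about: packages added, packages removed, version bumps, and the case most worth a second look, a package whose version did not change but whose published artifact hashes did. The two lockfiles are constructed sample input with placeholder digests, not real package hashes.

```python
"""Diff two pinned, hash-locked requirements files so that a dependency
update can be reviewed change by change.  Added example for this thread;
the lockfiles below are constructed, with placeholder digests."""
import re

# "name==version" at the start of a logical line; the version ends at
# whitespace or a backslash continuation.
PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([^\s\\]+)")
# pip writes "--hash=sha256:<hex>" once per acceptable artifact.
HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-f]+)")


def parse_lockfile(text: str) -> dict[str, tuple[str, frozenset[str]]]:
    """Return {normalised_name: (version, {"alg:digest", ...})}.

    pip continues a requirement across lines with a trailing backslash,
    so continuations are joined first and each logical line parsed once."""
    pins: dict[str, tuple[str, frozenset[str]]] = {}
    logical = text.replace("\\\n", " ")
    for line in logical.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = PIN_RE.match(line)
        if not m:
            continue  # not an exact pin: nothing to diff against
        name = m.group(1).lower().replace("_", "-")  # PEP 503 style normalisation
        hashes = frozenset(f"{alg}:{digest}" for alg, digest in HASH_RE.findall(line))
        pins[name] = (m.group(2), hashes)
    return pins


def diff_lockfiles(old_text: str, new_text: str) -> dict[str, list]:
    """Classify every difference between two lockfiles.

    hash_changed lists packages whose version is unchanged but whose
    artifact hashes differ: the same version string now resolves to a
    different file, which deserves an explicit look rather than a rubber stamp."""
    old, new = parse_lockfile(old_text), parse_lockfile(new_text)
    report: dict[str, list] = {"added": [], "removed": [], "upgraded": [], "hash_changed": []}
    for name in sorted(set(old) | set(new)):
        if name not in old:
            report["added"].append((name, new[name][0]))
        elif name not in new:
            report["removed"].append((name, old[name][0]))
        else:
            (old_ver, old_hashes), (new_ver, new_hashes) = old[name], new[name]
            if old_ver != new_ver:
                report["upgraded"].append((name, old_ver, new_ver))
            elif old_hashes != new_hashes:
                report["hash_changed"].append((name, new_ver))
    return report


# Constructed sample lockfiles (raw strings keep the backslash continuations).
# Digests are placeholders, not hashes of real packages.
OLD_LOCK = r"""
requests==2.31.0 \
    --hash=sha256:0a1b2c3d0a1b2c3d \
    --hash=sha256:1b2c3d4e1b2c3d4e
urllib3==2.0.7 \
    --hash=sha256:2c3d4e5f2c3d4e5f
leftpad==1.0.0 \
    --hash=sha256:3d4e5f603d4e5f60
"""

# In the update: requests is bumped, leftpad dropped, certifi added, and
# urllib3 keeps its version but ships with a different hash.
NEW_LOCK = r"""
requests==2.32.0 \
    --hash=sha256:4e5f60714e5f6071
urllib3==2.0.7 \
    --hash=sha256:5f6071825f607182
certifi==2024.2.2 \
    --hash=sha256:6071829360718293
"""

if __name__ == "__main__":
    for kind, entries in diff_lockfiles(OLD_LOCK, NEW_LOCK).items():
        for entry in entries:
            print(f"{kind:13s} {' -> '.join(entry)}")
```

Run on the two real lockfiles from the branch being reviewed (for example `git show main:requirements.txt` against the working copy), the `upgraded` list is the set of upstream changelogs to read, and anything in `hash_changed` should block the merge until the reason for the republished artifact is understood.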