
And this is why you pin your dependencies + never install the latest version of anything.



The lesson here is different: package developers must put upper bounds on major versions of dependencies that follow semver.


Should this be the takeaway? It looks to me that people are building pipelines without taking into account that they change roles every time they have to build a package, from a package consumer to a package packager. Even if the package developers set an upper bound on the build dependency, it is the packager's responsibility to provide a deterministic build environment.
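The three strategies the thread argues about (an open-ended `>=` range, a semver upper bound set by the package developer, and an exact pin set by whoever builds the package) can be shown side by side with a toy resolver. This is an added example, not code from the thread or from any real package manager; the package name `widgetlib`, its version list and the "breaking" 2.0.0 release are all constructed, and the mini spec grammar (`==`, `>=`, `>`, `<=`, `<`, comma-separated) is a deliberate subset of what real tools accept.

```python
"""Toy dependency resolver contrasting unbounded, upper-bounded and pinned specs.

Constructed example: the package index and version numbers below are invented,
and the resolver implements only a small subset of real requirement syntax.
"""
import re

# Constructed index for a fictional package "widgetlib", in release order.
# 2.0.0 is the new major that, per semver, may break 1.x callers.
INDEX_BEFORE = ["1.2.0", "1.2.3", "1.3.0", "1.4.1"]
INDEX_AFTER = INDEX_BEFORE + ["2.0.0"]

_OPS = {
    "==": lambda a, b: a == b,
    ">=": lambda a, b: a >= b,
    ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b,
    "<": lambda a, b: a < b,
}
_CLAUSE = re.compile(r"^(==|>=|<=|>|<)\s*(\d+(?:\.\d+)*)$")


def parse_version(text):
    """'1.4.1' -> (1, 4, 1); tuples compare the way semver ordering expects here."""
    return tuple(int(part) for part in text.split("."))


def satisfies(version, spec):
    """True if `version` meets every comma-separated clause in `spec`."""
    v = parse_version(version)
    for clause in spec.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = _CLAUSE.match(clause)
        if m is None:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def resolve(spec, index):
    """Pick the newest version in `index` allowed by `spec`, as a resolver would.

    Returns None when nothing in the index satisfies the spec.
    """
    allowed = [v for v in index if satisfies(v, spec)]
    return max(allowed, key=parse_version) if allowed else None


def drift_report(specs, before, after):
    """Map each spec to (resolution before, resolution after) a new release lands.

    A spec whose two entries differ is one whose build changed without anyone
    editing the requirements file.
    """
    return {spec: (resolve(spec, before), resolve(spec, after)) for spec in specs}


def lock_line(name, spec, index):
    """What a packager commits to a lock file: the resolved version, pinned exactly."""
    chosen = resolve(spec, index)
    if chosen is None:
        raise LookupError(f"no version of {name} satisfies {spec!r}")
    return f"{name}=={chosen}"


if __name__ == "__main__":
    specs = [">=1.2", ">=1.2,<2", "==1.2.3"]
    for spec, (old, new) in drift_report(specs, INDEX_BEFORE, INDEX_AFTER).items():
        status = "drifted" if old != new else "stable"
        print(f"{spec:12} {old} -> {new}  ({status})")
    # Pinning what the bounded spec resolved to today freezes the build environment.
    print(lock_line("widgetlib", ">=1.2,<2", INDEX_AFTER))
```

The report shows the split the two commenters describe: the open-ended spec silently moves from 1.4.1 to 2.0.0 when the major lands, the developer's `<2` bound keeps it on 1.4.1 while still admitting future 1.x minors, and the packager's `==` pin (or the `lock_line` output) is what makes the same build reproduce later regardless of what the index publishes.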



