
Apply Dependency Pinning #155

Closed
duggalsu opened this issue Jul 19, 2022 · 1 comment · Fixed by #349

Labels
abuse Abuse of platform or infrastructure

Comments

@duggalsu (Collaborator)

For Reproducible code

Practically: replace all '^', '~' and '~>' range specifiers in dependencies with fixed versions

Provides

  • Certainty
  • Visibility

Pros

  • Ease of debugging
  • Ease of deployment
  • Ease of commit rollbacks
  • Force PR for dependency version upgrades
    • Prevents breaking changes from passing through testing
    • Prevents malicious upgrades from being applied

Cons

  • Upgrade noise - due to multiple merge PRs. Requires automation for PR merging, e.g. Renovate or Dependabot
  • Cannot be used with libraries

References

@duggalsu duggalsu changed the title Enforce Dependency Pinning Apply Dependency Pinning Jul 19, 2022
@dennyabrain dennyabrain added the abuse Abuse of platform or infrastructure label Aug 26, 2022
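The "replace every range specifier with a fixed version" step above is easy to get wrong by hand across several manifest sections, so here is an added example (not code from this issue or from the project) of a small checker that finds unpinned npm-style specifiers in a package.json-shaped manifest and rewrites them to the exact versions a lockfile resolved. The manifest, the resolved-version map, and the package names are constructed for illustration; the `is_pinned` test is generic and rejects any specifier that is not a single exact semver, so it also applies to a Gemfile-style `~>` constraint.

```python
"""Detect floating dependency ranges in a manifest and pin them to exact versions.

Added example for the dependency-pinning discussion; all inputs below are
constructed and are not taken from the project's own files.
"""
import json
import re

# An exact semantic version: MAJOR.MINOR.PATCH with optional pre-release/build.
# Anything else (^, ~, ~>, >=, *, x-ranges, dist-tags like "latest") is a range.
EXACT_VERSION = re.compile(
    r"^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$"
)

# Manifest sections that pull code into the build. Constructed list; extend as needed.
SECTIONS = ("dependencies", "devDependencies", "optionalDependencies")


def is_pinned(spec: str) -> bool:
    """True only if `spec` names exactly one version (no range or tag)."""
    return bool(EXACT_VERSION.match(spec.strip()))


def find_unpinned(manifest: dict) -> dict:
    """Return {section: {name: spec}} for every dependency not pinned exactly."""
    findings = {}
    for section in SECTIONS:
        for name, spec in manifest.get(section, {}).items():
            if not is_pinned(spec):
                findings.setdefault(section, {})[name] = spec
    return findings


def pin_manifest(manifest: dict, resolved: dict) -> dict:
    """Return a copy of `manifest` with each floating spec replaced by the exact
    version recorded in `resolved` (package name -> version, as a lockfile would
    record it). Refuses to pin to anything that is itself not exact, so a bad
    lockfile entry cannot silently reintroduce a range."""
    pinned = json.loads(json.dumps(manifest))  # deep copy; leave input untouched
    for section, deps in find_unpinned(manifest).items():
        for name in deps:
            version = resolved.get(name)
            if version is None or not is_pinned(version):
                raise ValueError(f"no exact resolved version for {name!r}")
            pinned[section][name] = version
    return pinned


# Constructed sample manifest: a mix of pinned and floating specifiers.
SAMPLE_MANIFEST = json.loads("""
{
  "name": "sample-app",
  "dependencies": {
    "express": "^4.18.2",
    "lodash": "4.17.21",
    "axios": "~1.4.0"
  },
  "devDependencies": {
    "jest": ">=29.0.0",
    "typescript": "5.1.6"
  }
}
""")

# Constructed resolved versions, as a package-lock.json would have recorded them.
SAMPLE_RESOLVED = {"express": "4.18.2", "axios": "1.4.0", "jest": "29.6.1"}


if __name__ == "__main__":
    print("unpinned:", json.dumps(find_unpinned(SAMPLE_MANIFEST), indent=2))
    print("pinned manifest:", json.dumps(pin_manifest(SAMPLE_MANIFEST, SAMPLE_RESOLVED), indent=2))
```

Running `find_unpinned` as a CI step over the repository's manifest turns the issue's "force a PR for dependency version upgrades" goal into an enforced check: any caret, tilde or range specifier fails the build until it is replaced with the version the lockfile actually resolved.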
@duggalsu (Collaborator, Author)

duggalsu commented Sep 5, 2023

Fixed with PR #349
