HackerTrans
TopNewTrendsCommentsPastAskShowJobs

radicalexponent

no profile record

comments

radicalexponent
·w zeszłym roku·discuss
Step one in making a new repo is disabling Dependabot. Automate intentionally or get pwned your choice.

Also, is automated version bumps really such a good thing? Many times I have wasted hours tracking down a bug that was introduced by bumping library. Sometimes only the patch version of the library is different so it shouldn't be breaking anything... but it does! It is so much better to update intentionally, test, deploy. Though this does assume you have a modest number of dependencies which pretty much excludes any kind of server-side javascript project.