I've been bitten by pinning to latest versions before and definitely agree that where possible we should make sure that things are pinned exactly.
Then we can use tools like Whitesource Renovate / Dependabot to manage updates automatically.
Tag version-pinning
Liked
a post on Twitter
Post details
Looks like the AWS CDK is broken because the dependency on colors.js which has a totally hilarious bug: github.com/aws/aws-cdk/is… It shows "LIBERTY LIBERTY LIBERTY".Soenke Ruempler (@s0enke)Sun, 09 Jan 2022 18:43 GMT
Liked
a post on Twitter
Post details
People screaming as someone fucked up their OSS code on purpose. If only there was some way AWS could have, you know, pinned a specific version of a package for cdk... Oh wait there was.Chris McKee (@chrismckee)Sun, 09 Jan 2022 23:49 GMT
Liked
a post on Twitter
Post details
How can we even start talking about supply chain security and sustainability if a maintainer publishing a bad npm package version breaks everyone instantly? Stable, deterministic pinning is table stakes. theverge.com/2022/1/9/22874…Filippo ${jndi:ldap://filippo.io/t} Valsorda (@FiloSottile)Sun, 09 Jan 2022 22:23 GMT
Why I Consistently Reach for Server-Driven Content Negotiation (For Versioning) (5 mins read).
Why I use server-driven content negotiation for APIs to allow for versioning and allowing different representations of APIs.
by 
Jamie Tanna
.
#api
#content-negotiation
#rest
#web
#versioning
#version-pinning.
Version pinning is always a difficult line to walk - you don't want things to change when you're not expecting them to (such as here) but you also don't want to be pinned to really old versions of software, as that increases risk
You're currently viewing page 1 of 1, of 12 posts.