
So if you have a project that uses an (even small) number of libraries, how do you keep track of being affected by some specific bug of some library?



A) New library versions are roughly as likely to introduce new bugs, as they are likely to fix old bugs. (If not, why are there still so many updates, you should be running out of bugs ...)

B) If you run into a bug, update that library, then look into fixing it and offering a PR with the fix. Easy-peasy.

Compared to: oh this is a bug in a library that's fixed in an update ... but then we need to update another library it depends on, but that requires an update to nodejs, but that requires us to update some other libraries, which introduce a new more serious regression, so we can't unless we re-write to remove that dependency ...


You submit a bug report and (assumedly) get a fast response because they explicitly prioritize fixing bugs over adding new features.


I guess in most cases you will be affected by bugs that you did not notice let alone report.


More reason to prefer a more deliberate release cycle! Focusing on security and stability restricts the area available to bugs significantly more than chasing hot new features all the time.


And also helps make for minimal changes when you ultimately find you need to move on from your current version. Probably why a lot of people stick with emacs/vim/whatever over every newfangled editor that comes out.



