Ask HN: Does frequently upgrading dependencies add real value to a product?
I’m curious to hear how different teams and individuals approach this. How do you handle frequent upgrades? Do you see it as essential, or do you take a different approach?
What has your experience been?
2. As a general rule, newer means fewer security vulnerabilities, particularly if the project is careful about introducing new features versus bug-fixes. Not always, and maybe you don't want super-bleeding edge releases, but mostly.
3. I've worked in some areas with bureaucratic or governmental impediments, where you want to avoid things that might trigger re-testing or re-certification. That's a reason not to upgrade much, but it does mean you need to actually read the changelogs etc. and have some sort of process for noticing when something is important enough.
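One concrete shape for the "process for noticing when something is important enough" mentioned above, as an added example that is not code posted by anyone in the thread: a small Python script that reads a pinned requirements file, compares each pin against an advisory list using the common introduced/fixed range convention (affected when introduced <= version < fixed), and filters the hits by a severity threshold. All package names, versions and advisory ids here are constructed sample data, not real advisories.

```python
"""Audit pinned dependencies against a small advisory list.

Added example for the thread above, not code posted by any commenter.
All package names, versions and advisory ids below are constructed
sample data; the range check uses the common "introduced / fixed"
convention: a version is affected when introduced <= v < fixed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SEVERITY_RANK = {"critical": 0, "high": 1, "moderate": 2, "low": 3}


@dataclass(frozen=True)
class Advisory:
    package: str
    advisory_id: str      # constructed placeholder, not a real identifier
    introduced: str       # first affected version
    fixed: Optional[str]  # first fixed version; None means no fix yet
    severity: str


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.26.3' -> (1, 26, 3); pads to three numeric parts, drops non-numeric tails."""
    parts: List[int] = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected(version: str, adv: Advisory) -> bool:
    """True when version lies in [introduced, fixed)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is None:
        return True
    return v < parse_version(adv.fixed)


def parse_requirements(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Collect exact '==' pins; anything else is reported as unpinned."""
    pins: Dict[str, str] = {}
    unpinned: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and blank lines
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)$", line)
        if m:
            pins[m.group(1).lower()] = m.group(2)
        else:
            unpinned.append(line)
    return pins, unpinned


def audit(requirements_text: str, advisories: List[Advisory]):
    """Return (findings sorted by severity then name, unpinned requirement lines)."""
    pins, unpinned = parse_requirements(requirements_text)
    findings = []
    for adv in advisories:
        pinned = pins.get(adv.package.lower())
        if pinned is not None and is_affected(pinned, adv):
            findings.append({
                "package": adv.package,
                "pinned": pinned,
                "advisory_id": adv.advisory_id,
                "severity": adv.severity,
                "fixed_in": adv.fixed,
            })
    findings.sort(key=lambda f: (SEVERITY_RANK.get(f["severity"], 99), f["package"]))
    return findings, unpinned


def worth_acting_on(findings, minimum: str = "moderate"):
    """Keep findings at or above a severity threshold: the 'important enough' cut."""
    cutoff = SEVERITY_RANK[minimum]
    return [f for f in findings if SEVERITY_RANK.get(f["severity"], 99) <= cutoff]


# Constructed sample input: a pinned requirements file and an advisory list.
REQUIREMENTS = """
# constructed sample pins
httpclient==2.25.1
tlslib==1.26.3
templating==3.1.4
logfmt>=0.5          # a range, not a pin
"""

ADVISORIES = [
    Advisory("tlslib", "EXAMPLE-0001", "1.26.0", "1.26.5", "high"),
    Advisory("httpclient", "EXAMPLE-0002", "2.3.0", "2.31.0", "moderate"),
    Advisory("templating", "EXAMPLE-0003", "3.0.0", "3.1.3", "moderate"),  # pin is past the fix
    Advisory("tlslib", "EXAMPLE-0004", "2.0.0", None, "low"),              # pin predates the bug
]

if __name__ == "__main__":
    found, loose = audit(REQUIREMENTS, ADVISORIES)
    for f in worth_acting_on(found):
        print(f"{f['severity']:>8}  {f['package']}=={f['pinned']}  {f['advisory_id']}  fixed in {f['fixed_in']}")
    for line in loose:
        print(f"unpinned (cannot be checked): {line}")
```

Run in a CI job, this kind of check turns "read the changelogs" into something that fails loudly only for the pins that matter, which is the distinction the comment draws: unpinned ranges are reported separately because a range cannot be audited against a fixed version list.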