Hacker News

selcuka, last Thursday at 11:36 PM, 3 replies

> you just want to see that the file changed

I check the diff for uv.lock (Python counterpart of package-lock.json) every time I merge a PR. It is important to know which direct or transient dependencies have been updated. We don't blindly bump all dependencies to the latest versions (you shouldn't either).

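The check described in the post above, done mechanically: an added example (not the poster's tooling and not part of uv) that parses two uv.lock documents with tomllib, reports which packages were added, removed or bumped, labels each as direct (listed in the root project's dependencies) or transitive, and separately flags a package whose version is unchanged but whose artifact hashes differ, the case worth a closer look before merging. The lockfile excerpts are constructed and minimal; package names, URLs and sha256 values are placeholders. The root-package detection assumes uv records the project itself with an editable or virtual "." source.

```python
import sys
from dataclasses import dataclass

try:
    import tomllib  # Python 3.11+
except ImportError:
    import tomli as tomllib  # type: ignore

# Constructed, minimal uv.lock excerpts; URLs and hashes are placeholders, not real releases.
OLD_LOCK = """\
version = 1
[[package]]
name = "demo-app"
version = "0.1.0"
source = { editable = "." }
dependencies = [{ name = "requests" }]
[[package]]
name = "requests"
version = "2.31.0"
source = { registry = "https://pypi.org/simple" }
dependencies = [{ name = "certifi" }, { name = "urllib3" }]
sdist = { url = "https://example.invalid/requests-2.31.0.tar.gz", hash = "sha256:aaaa", size = 1 }
[[package]]
name = "certifi"
version = "2024.2.2"
source = { registry = "https://pypi.org/simple" }
sdist = { url = "https://example.invalid/certifi-2024.2.2.tar.gz", hash = "sha256:bbbb", size = 1 }
[[package]]
name = "urllib3"
version = "2.2.1"
source = { registry = "https://pypi.org/simple" }
sdist = { url = "https://example.invalid/urllib3-2.2.1.tar.gz", hash = "sha256:cccc", size = 1 }
"""

NEW_LOCK = """\
version = 1
[[package]]
name = "demo-app"
version = "0.1.0"
source = { editable = "." }
dependencies = [{ name = "requests" }]
[[package]]
name = "requests"
version = "2.32.3"
source = { registry = "https://pypi.org/simple" }
dependencies = [{ name = "certifi" }, { name = "idna" }]
sdist = { url = "https://example.invalid/requests-2.32.3.tar.gz", hash = "sha256:eeee", size = 1 }
[[package]]
name = "certifi"
version = "2024.2.2"
source = { registry = "https://pypi.org/simple" }
sdist = { url = "https://example.invalid/certifi-2024.2.2.tar.gz", hash = "sha256:dddd", size = 1 }
[[package]]
name = "idna"
version = "3.7"
source = { registry = "https://pypi.org/simple" }
sdist = { url = "https://example.invalid/idna-3.7.tar.gz", hash = "sha256:ffff", size = 1 }
"""


@dataclass(frozen=True)
class Pkg:
    name: str
    version: str
    hashes: frozenset  # sha256 of the sdist and every wheel pinned for this package
    deps: frozenset    # names this package depends on
    is_root: bool      # True for the project itself


def parse_lock(text):
    """Return {name: Pkg} for every [[package]] table in a uv.lock document."""
    pkgs = {}
    for entry in tomllib.loads(text).get("package", []):
        hashes = {w["hash"] for w in entry.get("wheels", []) if "hash" in w}
        if "hash" in entry.get("sdist", {}):
            hashes.add(entry["sdist"]["hash"])
        src = entry.get("source", {})
        # Assumption: uv records the project itself with an editable or virtual "." source.
        is_root = src.get("editable") == "." or src.get("virtual") == "."
        deps = frozenset(d["name"] for d in entry.get("dependencies", []))
        pkgs[entry["name"]] = Pkg(entry["name"], entry["version"], frozenset(hashes), deps, is_root)
    return pkgs


def diff_locks(old, new):
    """Classify lockfile changes; a hash change with no version change is reported on its own."""
    direct = set()
    for p in (*old.values(), *new.values()):
        if p.is_root:
            direct |= p.deps

    def kind(name):
        return "direct" if name in direct else "transitive"

    report = {"added": {}, "removed": {}, "changed": {}, "hash_changed": {}}
    for n in new.keys() - old.keys():
        report["added"][n] = (new[n].version, kind(n))
    for n in old.keys() - new.keys():
        report["removed"][n] = (old[n].version, kind(n))
    for n in old.keys() & new.keys():
        o, c = old[n], new[n]
        if o.is_root:
            continue
        if o.version != c.version:
            report["changed"][n] = (o.version, c.version, kind(n))
        elif o.hashes != c.hashes:
            # Same version, different artifact: a re-published or tampered release; review it.
            report["hash_changed"][n] = (o.version, sorted(o.hashes), sorted(c.hashes))
    return report


if __name__ == "__main__":
    # Usage: python lockdiff.py old/uv.lock new/uv.lock (defaults to the constructed excerpts).
    if len(sys.argv) == 3:
        old, new = (parse_lock(open(p, encoding="utf-8").read()) for p in sys.argv[1:3])
    else:
        old, new = parse_lock(OLD_LOCK), parse_lock(NEW_LOCK)
    for section, items in diff_locks(old, new).items():
        for name, detail in sorted(items.items()):
            print(f"{section:12} {name}: {detail}")
```

On the constructed input this reports requests as a direct bump, idna as a transitive addition, urllib3 as a transitive removal, and certifi under hash_changed, which is the line a reviewer should not wave through. In CI the two inputs would be `git show origin/main:uv.lock` and the PR's working copy.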

Replies

panzi, yesterday at 2:16 AM

Python packages aren't quite so insane on transitive dependencies. The diff of package-lock.json can be novel length.

Groxx, yesterday at 2:59 AM

Same - I check the changelog for every major (== minor if v0) and some minor version changes in most of my projects, including at work. I've caught quite a lot of would-have-broken-something changes, and opportunities for fixes/optimizations/etc by doing so. And sometimes they mention fixing a bug we didn't know we had, so we learned about it early before it corrupted too much data.
