Pin exact dependency versions

Published on in Miscellaneous

In a perfect world, minor- and patch-level version bumps don't have breaking changes. In the real world, things are complicated and shit happens.

Example: I recently witnessed yarn install starting to fail mysteriously after Node.js was automatically upgraded from v18.16 to v18.18.

I had thought that pinning the major-level version number of Node.js would have prevented this kind of sudden breakage, but nope.

Had the Node.js version been pinned to v18.16.1 or even just v18.16, yarn install wouldn't have started to suddenly fail.

Yes, yarn install would have probably started to fail later when upgrading Node.js manually, but that's not as bad. Sudden breakages are worse because they often require acute investigation, making your workdays more reactive than proactive.

So, note to self: pin exact dependency versions (x.y.z instead of just x.y or x) to be on the safe side.
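To make the note to self enforceable, here is an added example (not code from the original post) of a POSIX shell check that compares the installed Node.js version against a pin of x, x.y or x.y.z precision and refuses to continue when the pin is not satisfied. It assumes the pin lives in a `.nvmrc` file; the post itself names no pin file, and the demo loop below only exercises the comparison with the versions from the post.

```sh
#!/bin/sh
# version_satisfies PIN ACTUAL
# Returns 0 when every component present in PIN matches ACTUAL, component by
# component from the left. A loose pin ("18") therefore accepts v18.18.0 just as
# readily as v18.16.1, which is how a silent minor bump slips through; an exact
# pin ("18.16.1") rejects anything else. A leading "v" is tolerated on both sides.
version_satisfies() {
  pin=${1#v}
  actual=${2#v}
  while [ -n "$pin" ]; do
    p=${pin%%.*}
    a=${actual%%.*}
    [ "$p" = "$a" ] || return 1
    # Drop the consumed component (and its dot) from both strings.
    if [ "$pin" = "$p" ]; then pin=; else pin=${pin#*.}; fi
    if [ "$actual" = "$a" ]; then actual=; else actual=${actual#*.}; fi
  done
  return 0
}

# check_node_pin [PINFILE]
# Hypothetical pre-install gate: read the pin (default .nvmrc, an assumption) and
# compare it with the running node. Returns 1 on mismatch, 2 if node or the pin
# file is unavailable, so a "preinstall" step can stop before yarn install runs.
check_node_pin() {
  want=$(cat "${1:-.nvmrc}") || return 2
  have=$(node --version 2>/dev/null) || { echo "node not found" >&2; return 2; }
  if version_satisfies "$want" "$have"; then
    echo "node $have satisfies pin $want"
  else
    echo "node $have does not satisfy pin $want" >&2
    return 1
  fi
}

# Demo of the scenario from the post: Node.js moved from v18.16.1 to v18.18.0.
# Only the x.y and x.y.z pins would have flagged the change before yarn install.
for p in 18 18.16 18.16.1; do
  if version_satisfies "$p" "v18.18.0"; then
    echo "pin $p: accepts v18.18.0 (upgrade goes unnoticed)"
  else
    echo "pin $p: rejects v18.18.0 (upgrade caught before yarn install)"
  fi
done
```

Wire `check_node_pin` into whatever runs before `yarn install` (a wrapper script or a package.json preinstall hook) so a mismatched interpreter fails loudly instead of surfacing as a mysterious install error.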