publib
Pin dependencies
Hi there,
As #1107 was introduced by a new minor update to a Maven task run in the release process, I was wondering what you would think of (optionally?) pinning all used dependencies? Package managers don't seem to rapidly change their publishing workflows so I would assume what works now should also work in the future, so there is not necessarily a need to stay on top of all dependency updates. I'd love to have an option to limit the impact of dependency updates so that my main workflows can remain stable.
I'm more than happy to do a PR if you feel like this is a valuable addition to the project.
Yes, that seems like a good idea. It seems the Maven team noticed and fixed the bug that caused this report already, but it's probably a good idea in general.
The downside being that if the repository teams want to roll out mandatory updates, we won't get them for free anymore :). But still, explicit is better than implicit. So please, and thank you!