How to track an updates to a 3party libraries?

6 points by svetlyak40wt ↗ HN
As any software developer, I use many 3-party libraries in my daily job. Mostly, they are python libraries, but I think this theme should be language agnostic.

In python, we could store project's dependencies in different ways. They could be stated in the setup.py file or in pip's requirements.txt file. Some programmers prefer to pin exact version numbers some are not. I'm belonging to the first group.

Although pinning exact version numbers keeps me from accidental update to a backward incompatible versions, it also keeps me from updating (and more importantly from discovering) to a bug/security fixes, introduced in these new versions.

What do you use to follow 3-party libraries updates? How to solve this problem and keep on a bleeding edge?

4 comments

[ 2.8 ms ] story [ 16.3 ms ] thread
I'm a Python guy - a 'pip-review' every now is what keeps me in the loop. Admittedly not very elegant but it does the job.
apparently yolk -U does the same
They are doing not exactly what I want. I want to know which changes actually were introduced in version A.B.C.