panpf/zoomimage

Keeping dependencies up to date

Closed this issue · 2 comments

As tech moves forward, it's a smart idea to introduce renovate or dependabot to keep some dependencies up to date, sometimes even minor versions have important fixes.

I don't think I need it. There are two situations when a dependent library is upgraded:

  1. I don't need to modify the code, I just need to modify the version number. In this case, you can rely on the new version when using it
  2. I need to modify the code to adapt to new destructive changes. In this case, I need to upgrade the version number and modify the code to adapt. In this case, dependabot is meaningless

This is just my current idea. Further discussion is welcome.

Maybe a little more balanced approach:

  1. Use automation for minor/patch versions and security updates
  2. Handle major versions manually

The manual approach has some drawbacks:

  1. Risk of falling behind and abandonment of the library - it is easy to postpone updates indefinitely
  2. May miss critical security updates (although this happens very rarely, but still)
  3. Technical debt can accumulate
  4. More time-consuming when updates are finally done
  5. Requires manual tracking of dependency releases
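For reference, the "balanced approach" suggested above can be expressed as a Renovate configuration: minor and patch updates are automerged once CI passes, major updates open a PR that waits for a human, and vulnerability alerts are labelled so they stand out. This is an added example for illustration, not a file from the zoomimage repository; the label names are arbitrary choices.

```json5
// renovate.json5 (added example, not part of the project)
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],

  // Collect routine bumps into one PR per week instead of a stream of PRs.
  "schedule": ["before 6am on monday"],

  "packageRules": [
    {
      // Minor and patch bumps: let Renovate merge them, but only after the
      // repository's required status checks (the build and tests) succeed.
      "matchUpdateTypes": ["minor", "patch"],
      "automerge": true
    },
    {
      // Major bumps may contain breaking changes: open the PR, never automerge,
      // and label it so it is visibly queued for manual review.
      "matchUpdateTypes": ["major"],
      "automerge": false,
      "labels": ["dependencies", "major-update"]
    }
  ],

  // Updates that fix a reported vulnerability are raised regardless of the
  // weekly schedule and labelled so they are not lost among routine bumps.
  "vulnerabilityAlerts": {
    "enabled": true,
    "labels": ["security"]
  }
}
```

Automerge relies on the repository's CI actually exercising the library against the new dependency; without meaningful tests a green check proves little, and a breaking minor release would merge unnoticed.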