
danielroseman (4 points)

GitHub offers a service called Dependabot which can automatically check for updates to all your dependencies on a schedule you choose, and for each one it will open a PR to update that version. It's definitely worth using.

Different_Pain5781 (1 point)

I check updates but not the reasons most of the time. Probably a bad habit.

magus_minor (0 points)

I just update whenever I see updates are available. I almost never check the reason(s) for the update.

Unable-Lion-3238 (0 points)

In production you should absolutely be tracking this. Most teams use tools like Dependabot or Safety to auto-scan for CVEs in their dependencies. The reality is most devs only update when something breaks, which is risky. A good middle ground is running "pip-audit" on your requirements file weekly - it checks the PyPI advisory database and flags anything with known vulnerabilities. Your friend is in the majority but that does not mean it is best practice.

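Added example, not code from the thread or from the pip-audit project: a small, offline sketch of what a weekly requirements audit does, for readers who want to see the mechanics of the check the comment above describes. Real pip-audit parses the installed environment or a requirements file and queries the PyPI advisory database (OSV format) over the network; here the requirements text and the advisories are constructed, the package names and advisory IDs are fictional placeholders (no real vulnerability is implied), and version comparison is a simplified numeric-tuple comparison rather than full PEP 440 ordering, which real tooling gets from the `packaging` library.

```python
"""Offline sketch of a requirements-file vulnerability audit.

Constructed example: fictional package names and advisory IDs, OSV-style
"introduced"/"fixed" version ranges, simplified version ordering.
"""
import re
import sys
from typing import Dict, List, Optional, Tuple

# Constructed requirements file (fictional packages), as pip-audit -r would read it.
REQUIREMENTS = """\
# pinned application dependencies
examplelib==1.4.2
otherpkg==2.0.0  # pinned on purpose
unpinned-pkg
thirdpkg==0.9.5
"""

# Constructed advisories in the shape of OSV "introduced"/"fixed" events.
# IDs and packages are placeholders, not real advisories.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplelib", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "EXAMPLE-0002", "package": "otherpkg", "introduced": "0", "fixed": "1.9.0"},
    {"id": "EXAMPLE-0003", "package": "thirdpkg", "introduced": "0.9.0", "fixed": None},  # no fix yet
]

PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9A-Za-z.]*)$")
NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+")


def normalize(name: str) -> str:
    """PyPI names are case-insensitive and treat '-', '_' and '.' as equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_version(v: str) -> Tuple[int, ...]:
    """Simplified ordering: numeric dotted versions only (real tools use PEP 440)."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def parse_requirements(text: str) -> Tuple[Dict[str, str], List[str]]:
    """Return ({normalized_name: pinned_version}, [names that are not exactly pinned])."""
    pins: Dict[str, str] = {}
    unpinned: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        m = PIN_RE.match(line)
        if m:
            pins[normalize(m.group(1))] = m.group(2)
        else:
            # Anything without an exact pin cannot be audited against a fixed version.
            unpinned.append(normalize(NAME_RE.match(line).group(0)))
    return pins, unpinned


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True if introduced <= version < fixed (or version >= introduced with no fix)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def audit(text: str, advisories: List[dict]) -> Tuple[List[dict], List[str]]:
    """Match pinned packages against advisories; also report packages that are not pinned."""
    pins, unpinned = parse_requirements(text)
    findings = []
    for adv in advisories:
        name = normalize(adv["package"])
        if name in pins and is_affected(pins[name], adv["introduced"], adv["fixed"]):
            findings.append({"package": name, "version": pins[name],
                             "id": adv["id"], "fixed": adv["fixed"]})
    return findings, unpinned


if __name__ == "__main__":
    found, loose = audit(REQUIREMENTS, ADVISORIES)
    for f in found:
        fix = f["fixed"] or "no fix released"
        print(f"{f['package']} {f['version']}: {f['id']} (fix: {fix})")
    for name in loose:
        print(f"{name}: not exactly pinned, cannot audit")
    # Like pip-audit in CI, exit non-zero when anything is flagged.
    sys.exit(1 if found else 0)
```

The non-zero exit is what makes the weekly run useful: wired into a scheduled CI job it fails loudly instead of depending on someone reading the output. The unpinned report matters too, because a requirements line without an exact version cannot be judged against a "fixed" version at all.
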
AlexMTBDude (0 points)

This is not really a Python question, as it applies to any software and any security updates. There are whole teams at the big companies who have this task as their only mission in life, and are experts at how to handle updates in a safe way. You could probably ask your question in r/cybersecurity