i just spent 3 hours debugging a project because some dude updated a dependency to a major version without changing the version number in the package