These are some notes on my process when I review dependency updates for both JavaScript and Python projects at Hypothesis.
Before adding a dependency to a project, consider the impact on future maintenance. If what the dependency does for the project can be implemented with only a few lines of code, or can be implemented in an alternative way using dependencies the project already has, it may be a better choice to do that and avoid the dependency.