2. In general we don't bump dependencies, unless they are for critical bug fixes.
3. We weight the risk of new regression vs bug fixes. To state the obvious, we wouldn't backport a bug fix if it only affects a very small number of use cases but require very complex changes. There is huge gray zone in between here that'd rely on committer's judgement.
On Tue, Apr 24, 2018 at 3:56 PM, Cody Koeninger <[hidden email]> wrote:
This is pretty much standard semantic versioning: https://semver.org/ Maintenance branch releases are for bug fixes; minor releases have new features.
Of course at some level it all depends on judgment, too.