►
From YouTube: Code Review Weekly Workshop - Aug 11, 2023
Description
In this session we talk about code review!
00:00 - Intro
00:35 - Sometimes reviewing in the terminal is easier
05:10 - A thoughtful review question on test coverage
09:45 - Enforcing responsibilities and avoiding leaky abstractions
16:12 - Question about punting on a question to maintainers
25:30 - Pair reviewing on some dependency updates
B
A
Last
August,
so
this
has
been
going
on
for
a
year
which
I
couldn't
believe
that
it's
already
been
a
year
that
we've
been
doing
this,
which
there
you
go
all
right
well,
I,
had
something
I
wanted
to
share
so
I'm
gonna
share.
My
screen
and
I
was
gonna
hop
into
this
Mr,
which
Miguel
put
together,
which
I
thought
I
had
approved
and
merged,
but
I
guess
not:
okay,
either
way,
it's
removing
a
whole
bunch
of
unused
data
test,
IDs
a
whole
bunch
from
102
files.
A
A
A
I
just
need
to
look
at.
Did
we
get
rid
of
a
data
text?
Id
thing?
That's
that's
all
it
really
concerned
about.
So
it
can
be
easier,
sometimes
to
actually
look
at
the
diff
in
the
terminal
and
set
this
unified
diff
parameter
with
zero
context
so
that
it
looks
like
that's
and
then
I
can
just
scroll
through
it's
like
yeah.
We
got
rid
of
test
ID
yeah.
We
got
rid
of
a
data
test
ID,
it's
like
yeah.
A
We
got
rid
of
data
testing
and
this
could
just
be
make
it
a
little
faster
as
I
review
things
to
see
this
very
compressed
View.
Sometimes,
when
we've
gotten
rid
of
lines
like
this
we've,
even
I,
think
you
can
get
rid
of
all
the
like
file,
headers
and
stuff
and
I've
done
something
to
just
verify.
We're
only
removing
lines
that
look
like
this.
That's
the
only
thing
we
I
can
kind
of
care
about
so
yeah.
Sometimes
looking
at
the
Mr
through
different
perspectives
can
help
you
be
more
efficient
when
reviewing
it.
A
So
this
little
parameter
on
the
diff
thing,
this
Dash
capital.
U
zero,
helps
me,
do
the
unified
diff
with
zero
context
and
was
helpful
at
reviewing
the
SMR,
which
I
somehow
neglected
to
merge.
Oh
no,
oh
I
enabled
an
automatic
merge.
Oh,
but
something
may
have
happened.
Oh
a
danger
error,
oh
I,
just
okay!
Well,
there
we
go!
That
was
my
thing.
I
wanted
to
share.
A
A
C
C
But
let
me
see
if
I
can
quickly
find
it
there
we
go
so
what
I
did
is
I
removed
and
shared
function,
util
method,
one
of
those
and
I
just
did
it
that
that
was
about
it
and
the
pipe
that
was
green
and
I.
Yeah
went
to
the
pub
basically
and
Peyton
then
came
along
was
like
well,
usually
we
speak
about
test
gaps
when
we
add
stuff-
and
he
was
like
we're-
not
removing
any
specs
from
this.
C
This
is
this
thing's
still
running,
which
I
kind
of
really
loved
as
if
in
well.
Maybe
we
should
speak
about
test
caves
even
when
we're
removing
them
or
even
when
we,
when
we
identified
them
and
we're
already
past
it,
it
kind
of
turned
out
to
be
good
as
if
and
the
thing
is
rather
trivial
and
we
are
testing
the
the
usage
of
it.
C
So
the
answer
was
kind
of
well
we're,
probably
okay
with
you,
but
I
was
a
big
fan
of
the
approach
as
if
and
something
still
out
here
so
just
to
have.
It
said
that
might
be
something
to
to
keep
an
eye
out
if
we're
just
removing
things
and
everything
still
working
as
expected,
maybe
be
suspicious
about
it.
D
C
Would
be
yes
very
much
so
that
would
be
one
approach
and,
on
the
other
hand,
like
the
test
gaps,
don't
come
alone
many
times
it
would
be
like
what
is
going
on
here.
What
util
file
are
we
speaking
of?
Did
we
remove
it
completely?
Are
they
still
leftovers?
Are
those
coverage
like
basically
check
surroundings?
Maybe
that
might
be
something
where
there
could
be
could
be.
Some
potential
findings
still
open.
A
A
B
Actually,
I
actually
had
to
do
something
similar
a
couple
of
weeks
ago
when
I,
oh
yeah.
Basically,
the
fox
button
Forks
button
on
the
project.
Page
I
migrated
that
over
to
a
view
component,
but
the
fork
button
has
some
intricate
logic
to
decide
whether
or
not
it's
disabled
or
it's
a
link
to
the
forks
page
or
to
the
new
Fork
page
yeah
that
stuff
and
that
was
not
tested.
So
I
wrote
I,
had
to
write
some
specs
for
the
old
code
to
make
sure
that
the
new
one
worked.
B
A
A
A
Let
me
share
this.
Let
me
share
this
I
called
I
titled,
this
idea
of
keeping
an
eye
on
the
responsibility
of
the
module
or
whatever
you're
reviewing.
So
here
is
an
MR.
It
was
not
big
and
it
was
pretty
straightforward
was
what
was
going
on,
but
I
left
the
question
because
I
saw
so
we
have
like
some
sort
of
create
form.
A
Let
me
see
if
I
can
like
open
up
a
whole
old
version
of
the
deaf.
We
have
like
some
sort
of
form.
That
creates
a
thing
when
we
finish
creating
the
thing
whether
it
failed
or
passed.
We
then
were
emitting
hey
time
to
hide
me
and
I
thought.
Well,
that's
weird!
If
it
fails
like
I
imagine
the
user
would
want
to
like
retry
the
action
and
not
just
we'd,
only
just
hide
the
form
if
it
failed.
A
So
that
was
my
original
question,
but
then
I
kind
of
just
mentioned
as
a
side
as
like,
and
maybe
we
should
just
call
it
hide
because
from
this
context,
the
only
things
we
were
admitting
we
had
two
events.
We
were
emitting,
we
were
emitting
reload
and
we
were
emitting
hide
ad
form,
and
so,
from
my
perspective,
it's
like
well,
we
are
the
four
let's
just
submit
when
we
need
to
hide
ourselves.
A
We
don't
have
to
call
ourselves
to
add
so
then
the
contributor
who
I
now
who's
also
like
our
product
designer
so
like
working
on
a
whole
bunch
of
ux
paper
cuts,
but
he's
like
doing
a
lot
of
code
too.
So
it's
so
he's
kind
of
got
his
foot
talk
talk
about
them
being
like
a
full
stack
engineer.
This
is
like
full
stack
like
augmented
one
level.
It's
like
full
stack
and
doing
the
product
design,
stuff
Islamic
Sun,
but
so
the
question
was
well
would
renaming
it
to
hide.
A
Make
sense,
because
we
want
to
hide
the
ad
form
and
so
I
then
realized
from
the
scope
that
we're
at
I
was
like.
Oh
the
way
we're
naming
things
was
like
we
were
actually
trying
to
tell
the
parents
what
the
parent
needed
to
dip.
So
that's
how
the
events
were
named
rather
than
the
child
admitting
its
events
and
states
and
the
parent
decides.
What
to
do.
A
Reload
was
like
telling
the
parent
hey
I'm
done
now.
You
need
to
reload
parent
or
hey
I'm
done
now.
You
need
to
hide
me
parent
and
that's
a
very
subtle
abstraction
breakage,
where
children
shouldn't
tell
parents
what
to
do
as
a
parent,
I
completely
concur
anyways,
so
the
suggestion
was:
oh,
it
shouldn't
be
confusing.
We
should
because
we're
just
listening
just
to
this
form,
we
can
call
it
hide,
but
now
that
I
looked
at
it
we.
Why
are
we
even
telling
the
parent
that
the
parent
needs
to
hide
me?
A
A
I.
Just
listened
to
success
and
canceled
and
success
happens
to
hide
and
do
a
Reload.
But
that's
me
as
the
parents
be
concerned
about,
so
it's
very
easy
for
when
the
abstraction
breaks
for
then
hide
ad
form
to
not
actually
hide
the
form
or
for
reload
to
not
actually
cause
a
Reload
of
stuff.
So
even
though
things
were
still
functional,
keeping
the
boundary
of
responsibilities
goes
a
long
way
and
so
I
kind
of
have
to
judge
the
fatigue
of
an
MR.
E
A
D
That's
interesting
now,
on
the
specific
case,
something
like
this
is
like
maybe
hard
to
see
if
you're
too
close
to
the
code,
meaning
like
it,
might
be
easier
for
a
reviewer
to
see
this
than
the
actual
person
writing
the
code
because
they
feel
like
they're
all
in
the
form,
and
it
feels
like
you
know
what
I
mean
yeah
100,
maybe
that
abstraction
started
in
the
form
and
it
broke
out
into
another
component.
And
at
that
point
you
know
it
like
kind
of
made
a
lot
of
sense
and
then.
A
A
E
E
A
D
It's
more
about
was
I
being
lazy,
because
what
I
did
was
I
said
I
kind
of
agree
with
you,
but
I,
don't
know
and
I
kind
of
feel
like
after
I
wrote
that
and
then
you
know
like
five
minutes
later.
I'm,
like
maybe
I,
should
have
went
to
slack
and
done
the
legwork
to
ask
others
opinions
on
this,
because
it
seems
like
something
that
was
like
not
documented.
That
probably
could
have
been.
But
you
know
the
knowledge
was
out
there
somewhere.
A
F
I,
don't
think
it's
lazy,
I
mean
I,
usually
try
to
go
by,
especially
when
the
when
I
I
do
reviews
for
it
and
I
don't
want
to
be
a
maintainer
I
I
have
to
go,
buy
what
it
says
in
the
docks
and
so
I
feel
like.
If
it's
not
specified
in
the
docs,
then
maybe
it's
up
to
the
author.
I
mean
man,
I
mean
I.
Guess
you
could
have
asked
yeah
I
mean
these
removals
are
already
like
multiple
step
processes,
right
yeah,
like
the
ignore
column
and
this,
and
that.
D
I
feel
like
it
was
an
unknown.
You
know
it's
like
it
made
sense
to
me
and
I
gave
my
contents
to
the
context
in
the
reply
when
it
made
sense
but
I'm
like
I,
don't
know,
maybe
you
know
I'm
kind
of
like
not
certain
if
I'm
breaking
you
know
like
potentially
breaking
something
here,
but
you
know
my
fear
of
leaving
it
and
being
lazy
like
this.
Is
that
I
knew
perhaps
due
diligence
could
have
been
more
and
now
I'm
relying
on
the
maintainer
to
do
that
due
diligence?
Is
that
fair.
A
A
If
it's
not
obvious,
what
should
happen
is
like
I,
don't
know,
let's,
let's
get
more
people,
let's
get
more
eyes,
that's
totally
fine,
and
if
the
maintainer
at
the
end
of
the
day,
that's
like
well
I'm
I'm,
the
one
that's
going
to
merge
this
and
I
say
we
should
do
it
this
way.
It's
like
okay.
Let's
do
it
that
way,
like
that's
I
I.
Do
that
all
the
way,
all
the
time
where
it's
like
I.
A
Let's,
let's
get
someone
else
how's
this
opinion
because,
probably
because
I've
gone
like
because
one
possible
outcome
is
you
do
it
this
way
and
the
maintainer
says:
why
did
you
do
everything?
Why
didn't
you
just
do
this
and
then
so
I
think
looping
in
more
people
and
deferring
some
of
those
commitments
can
make
you
maximally
efficient.
D
E
D
F
A
A
A
What
would
be
lazy
is,
if,
like
this
is
the
nth
time.
You've
received
you've
done
this
task
and
the
conclusion
has
been
the
same
every
time,
but
that
would
be
lazy.
I
think
I
think
I've
kind
of
seen,
glimpses
of
that
when
I'm
reviewing
code
and
it's
like-
oh
well,
we
need
to
add
unit
tests
to
a
thing
like
I
said
in
your
last
five
Mrs.
D
F
Yeah
even
reading
through
the
docs
I'm
like
clearly
this
follows
what
the
documentation
says
and
then
one
of
the
maintainers
will
come
along
and
be
like
here's,
the
exacts
that
are
the
ones
that
I
was
looking
at
and
I
misinterpreted
them
or
yeah,
especially
when
it
comes
to
batching
through
large
amounts
of
records.
That
stuff
is
very
complicated,
yeah.
D
E
A
F
A
F
A
A
E
F
A
E
A
A
All
the
pipelines
pass.
This
is
a
patch
version,
so
if
I
was
going
to
over
engineer
this
dependency
update,
I
could
probably
look
for
something
like
node
CVS.
Just
for
that
one
of
like
are
we
doing
new
vulnerabilities
or
whatever,
but
I
think
this?
Is
this
just
got
released?
I,
don't
think
we'd
be
able
to
find
anything.
Oh,
this
is
for
the
types
package.
Here's.
A
F
C
I'll
give
it
a
shot,
at
least
so
it
is
our
view
component
library
or
repository
at
the
end
of
the
day.
So
the
thing
is
consumed
via
an
npm
package
in
our
gitlab
main
reposit
repository
like
the
monolith,
I,
don't
think
we're,
potentially
we're
consuming
is
elsewhere
as
well.
So
it
is
our
component
Library.
Basically,
so
it
is
a
standalone
project
that
does
include
all
the
components
that
we
are
using,
whether
there
are
participate
UI
and
that
is
basically
a
different
Foundation
teams
is
working
on.
The
designers
have
agreed
on
that.
C
D
F
A
So,
based
on
the
commits
that
good
Merchant
domain,
we
will
automatically
generate
a
new
version
of
like.
Is
there
a
Breaking
change
and
that's
going
to
be
a
new
major
version
or
whatever
is
going
on
once
a
new
npm
owns
a
new
gitlab
UI
version,
then
renovate
bot
picks
that
up
and
shoves
it
into
all
the
projects
that
are
using
gitlab,
UI
orb
crates
Mrs
similar
to
this,
but
and
so
when
a
user.
A
When
a
code
Reviewer
is
reviewing
a
gitlab
UI
update,
they
should
probably
look
at
the
change
log
and
see
oh,
how
risky
is
this
update
or
not?
And
if
it's
like?
Oh
we're,
touching
the
button
component
in
a
significant
way,
it's
like
well
buttons
are
used
everywhere
in
gitlab.
I
probably
should
just
do
a
quick
double
check,
but
you.
A
This
is
the
reason
this
must
not
be
showing
up
is
because
it's
not
actually
touching
any
code.
I
think
this
is
touching
this
tool
versions
file,
but
there's
a
pipeline
I
can
run
to
create
an
integration
branch
on
the
main
gitlab
project
for
this
Mr,
so
that
I
could
do
testing
of
a
change
in
integration
with
gitlab.
E
F
Asking
this
because
I
some
of
the
projects
that
I
use
are
I
wonder
about
like
okay,
if
it's
like
a
tiny
little
update
like
this,
maybe
I'm
more
like
oh,
it's,
okay,
but
we
just
had
one
that
was
like
upgrade
get
a
Lee
from
v15
to
V16
so
like
that.
One
to
me
feels
like
maybe
some
tests
in
context
of
gitlab
before
merging
this,
because,
like
all
of
our
tests
passed
in
the
project
but
I,
don't
yeah.
A
A
My
big
question
is:
what
is
the
worst
thing
that
could
happen
and
in
this
situation
the
worst
thing
I
can
think
of,
because
this
node
is
from
Tool
versions,
so
this
is
just
for.
Developers
would
be
like
if
this
node
has
like
some
crazy,
huge
vulnerability
and
the
fact
that
developers
would
be
using
this
on
their
machines.
That's
or
if
this
has
some
huge
buds
that
when
we
build
our
assets
you,
but
we
don't
build
them
using
this
using
tool
versions.
Node,
that
comes
from
the
docker
containers
of
the
CI
pipeline.
A
A
Look
I,
I,
guess,
there's
different
schools,
if
not
so
I'm,
very
conservative
about
like
I,
don't
want
to
update
things.
Security
keeps
telling
me
to
update
Mac
version,
but
you
know
what
who's
to
say
that
the
Mac
version
they
want
me
to
update
doesn't
have
security
issues,
but
here's
the
thing
that
I
was.
You
know
enlightened
upon,
and
my
early
get
lab
days
of.
Why
we
do
it
this
way.
A
Is
it
probably
does,
but
we
don't
know
them
yet
these
ones
we
do
know
so
we
gotta
update
now,
and
so
it
is
an
arms
race
of
like
yeah.
You
just
got
to
keep
things
updated
and
that's
kind
of
the
the
approach
to
security
when
it
comes
to
dependencies
that
we
adopt
it's
trying
to
trying
to
stay
as
up
to
date
as
possible.
Keeps
you
actually
the
most
secure,
even
though
sometimes
I'm
easy
I
do
like
a
quick
pivot.
If
it's
like
whoa
that
one
wasn't
good.
A
D
E
A
So
but
there
have
been
times
when
I
haven't
merged
a
version,
because
I
went
upstream
and
I
saw
well
there.
This
is
actually
there's
actually
open
issues
for
this
version
that
it's
broken
and
they're
working
on
fixing
it,
and
it's
like.
Okay
in
the
meantime,
let's
just
not
merge
this,
so
I've
I've
done
that
before,
but
so
I
don't
think
it's
like
a.
We
always
have
to
upgrade
but
yeah.
Clearly
based
on
the
change
logs,
like
yeah,
we
probably
should
but.
A
A
A
D
A
A
lot
of
it
is
paranoia
that
I
have
in
my
head
a
what's
the
worst
thing
that
can
happen,
and
it's
like
okay,
I've
thought
of
that.
This
is
why
I
think
we're
okay
and
I've
just
gotta
hype
it
out
and
do
it
so
dependency
updates.
Make
me
concerned
because
it's
like
this,
could
it's
very
e?
It's
it's
seems
really
small,
but
I
mean
it's
on
us.
A
A
A
A
Not
possibly
I
am
wanting
to
just
do
like
a
code
wide
search.
That's
that's
I'm
kind
of
looking
for
that
right
for
anything,
that's
collapsible
response,
but
nope,
it
doesn't
look
like
it.
We
have.
A
number
of
this
is
the
full
Gambit
of
our
gitlab
UI
Imports
and
just
contains
buttons
and
stuff
like
that.
So
yeah,
this
is
pretty
straightforward.
I
then,
when
I'm
feeling
extra
paranoid
is
like
okay,
you
said
you
updated
this
version.
Did
you
really
do
that
dependency?
Bot?
Okay,
the
robots
are
still
doing
what
they
said.
They
do.
A
A
A
A
A
All
right
set
to
Auto
merge
cool
all
right,
we're
getting
things
done.
This
might
be
interesting.
Babble
has
a
patch
update,
it's
a
lot
of
just
patch
updates,
so
these
two
I've
done.
This
is
one.
Let
me
pause
the
Babylon,
because
that's
I
think
it's
going
to
be
pretty
trivial.
I'm,
going
to
show
you
this
one
that
I've
that
I've
been
I've
procrastinated
on.
A
A
right
at
the
top
of
the
change
log.
This
release
deliberately
contains
backwards
and
compatible
changes.
Like
oh
sounds
like
more
than
a
minor
version
and
I
guess
it
happens
when
you're
in
zero
major
version
land,
so
I
was
doing
some
like
breaking
changes
and
then
it's
like,
oh
and
we
also
haven't
updated
since
these
other
18
patches
as
well.
So
it's
like,
oh
a
number
of
things
could
actually
change
here
and
so
es
builds
is
a
Dev
dependency.
E
A
So
that's
makes
me
nervous
about
like
webpack
updates
and
other
things
like
that
is
like
okay.
These
are
Dev
dependencies,
but
they
produce
they're
critical
in
producing
the
production
code,
so
I
kind
of
want
to
verify
I
kind
of
want
to
verify
the
production
code.
So
I
could
do
this.
One
of
two
ways
could
run
a
smoke
test
manually.
B
A
A
Yep
I
think
I
think
they're
I
think
there
probably
is
one
so
to
me.
Yeah
I
think
you're
right
for
these
I
time
box
myself.
So
this
is
why,
like
I
started
this,
but
it's
like
okay
I
wasn't
able
to
do
this
little
task
so
I
just
moving
on
so
I
for
this
kind
of
stuff,
I
gotta
time
box
myself
when
I
say
I,
gotta
smoke
tested
I'm
spending
five
minutes
max
on
this,
and
more
and
I
have
a
timer
set
so
that
I
don't
get
distracted
to
do
that.
A
D
A
Yeah
but
I
mean
at
the
same
time
it's
like
I,
don't
mind
doing
little
smoke.
Tests
and
dependency
updates
do
make
me
nervous
people,
don't
always
follow
semantic
versioning
correctly,
I
sure
don't
so
it's
you
know
the
first
time
you
get
burned
by
like
a
third
party
dependency
and
you
realize,
oh,
you
all
are
not
like
you
know
the
post
office
and
are
super
real,
not
even
like
the
post
office
is
super
reliable.
So
it's
yeah.
D
It
may
be
one
of
those
things
like
each
change
has
a
different
type
of
validation,
I've
been
in
scenarios
before,
where
I'm
like
QA,
you
know
the
QA.
You
know
their
job.
Tell
me
what
you're
doing
manually,
so
we
can
automate
it
they're
like
no,
it's
all
different,
depending
on
the
release.
I'm
like
you.
A
Yeah
yeah,
and
that's
that
is
interesting
too,
but
yeah
I
think
that
there
I
think
there
are
things,
though,
that
can
some
things
that
can't
be
audited
like
improved
even
like
I'm
doing
this
manual
checklist
in
my
head,
but
like
maybe,
why
isn't
that
shown
up
in
EMR
of
like
these
are
the
worst
things
that
can
happen
or
any
of
these
relevant
and
I?
Don't
have
to
think
about
it?
Maybe
that's.
Just
that's.
Checklists
are
kind
of
one
form
of
automation.
A
A
E
A
A
E
A
A
E
B
A
E
A
E
A
A
A
D
D
A
A
A
But
we
are
in
I've
got
a
little
warning
going
on
off
my
head.
Not
only
that
we're
at
time,
but
like
take
it
easy
Paul.
This
is
two
you're
too
paranoid
right
now,
so
yeah
but
yeah
I'm,
gonna,
I'm
gonna
check
out
the
disk
usage
and
I'm
I'm,
assuming
it's
going
to
probably
be
the
same,
and
if
it's
very
similar
or
the
same
and
things
pass
the
smoke
test.
Then
I'll
end
up
merging
this
one
but
yeah,
but.