autocomplete icon indicating copy to clipboard operation
autocomplete copied to clipboard
verified publisher icon withfig

deps: update config to pin dep version for new deps additions

Open ddanielcruzz opened this issue 2 years ago • 2 comments

This is just a suggestion that when new packages are added to the repo they are pinned to specific version rather than using the caret (^) and allowing to install different minor versions.

My reasons are:

  • Dependencies could could mess up semver and introduce breaking changes in minor/patches updates
  • Having pinned dependencies makes sure everyone contributing has the same exact versions, making it easier for everyone to debug
  • Avoid constantly update yarn.lock when people install deps. Since minor versions are allowed yarn.lock changes unless contributors install deps with --fozen-lockfile flag (yarn install --frozen-lockfile)

This just changes the behavior for new packages added. package.json would still need to be updated to remove the caret from all deps that have it, but first I wanted to introduce the idea of pinned versions before proceeding to update pacakge.json

ddanielcruzz avatar May 18 '23 18:05 ddanielcruzz

@fedeci just a friendly ping in case you missed this 😄

ddanielcruzz avatar Jun 14 '23 00:06 ddanielcruzz

Hey @ddanielcruzz, sorry about the delay on this! I like the idea and am open to merge if you remove the ^ from the deps.

grant0417 avatar Jul 28 '23 03:07 grant0417