Open up dependency range of colors #501
Comments
Hello @webmaster128! Did you already encounter this specific issue? I understand your point, however for now my take on this is that I prefer to keep control on how well jasmine-spec-reporter works with its dependencies, even if patch releases should theoretically not cause any issue. Does it make sense?
Hello @bcaudan :) I encountered those two issues multiple times in different dependencies in different projects:
I noticed this here when I saw that the upgrade to the latest jasmine-spec-reporter reduced the amount of dependencies because different versions of I think it is best practice to assume there are no breaking changes within one semver major version series. If there are, you can blame the library maintainers. Version pinning is a way to explicitly protect against regression issues if they occur (i.e. pin to For the application using jasmine-spec-reporter there are lockfiles, to ensure the dependencies work nicely and deterministically. When dependencies are explicitly upgraded, they are tested. So I don't think this should be done by the library.
Yeah this can be done in extreme cases, e.g. when there is a detected security issue. But with many projects using thousands of dependencies, this method cannot be applied everywhere. Also, if a library author version pins a dependency, I need to assume there is a very good reason for it. Doing the research if this is the case is just too much.
Obsoleted by #696
Right now, the dependency colors is fixed to `"colors": "1.4.0"`. Thus, a project using jasmine-spec-reporter cannot install patch releases of colors without a new version of jasmine-spec-reporter. This also leads to multiple versions of colors installed in a larger project, which is unnecessary.

Could you open up the version range to `"colors": "^1.4.0"`? Thank you.
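The duplicate-install effect described in this issue, as an added example that is not code from the thread or from jasmine-spec-reporter. It is a simplified model, not npm's resolver; `other-lib` and the list of available versions are constructed for illustration.

```javascript
// Simplified model of range resolution; handles plain "x.y.z" versions only.
const parse = (v) => v.split(".").map(Number);

// Compare two versions: negative, zero or positive, as Array.prototype.sort expects.
function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Supports the two range forms from the issue: exact "1.4.0" and caret "^1.4.0".
function satisfies(version, range) {
  if (!range.startsWith("^")) return compare(version, range) === 0;
  const base = range.slice(1);
  if (compare(version, base) < 0) return false;
  const [v, b] = [parse(version), parse(base)];
  // Caret keeps everything up to and including the first non-zero component fixed.
  const fixed = b[0] !== 0 ? 1 : b[1] !== 0 ? 2 : 3;
  return b.slice(0, fixed).every((n, i) => n === v[i]);
}

// Greedy dedupe: keep installing the version that covers the most open requirements.
function resolve(requirements, available) {
  const newestFirst = [...available].sort(compare).reverse();
  let open = [...requirements];
  const installed = {};
  while (open.length > 0) {
    let best = null;
    for (const version of newestFirst) {
      const users = open.filter((r) => satisfies(version, r.range));
      if (users.length > 0 && (!best || users.length > best.users.length)) best = { version, users };
    }
    if (!best) throw new Error(`no available version satisfies ${open[0].range}`);
    installed[best.version] = best.users.map((r) => r.from);
    open = open.filter((r) => !best.users.includes(r));
  }
  return installed;
}

// Constructed sample data (not registry data); "other-lib" is hypothetical.
const available = ["1.3.3", "1.4.0", "1.4.1"];
const otherLib = { from: "other-lib", range: "^1.4.1" };
const withPin = [{ from: "jasmine-spec-reporter", range: "1.4.0" }, otherLib];
const withCaret = [{ from: "jasmine-spec-reporter", range: "^1.4.0" }, otherLib];

console.log("pinned:", resolve(withPin, available));
console.log("caret: ", resolve(withCaret, available));
```

With the exact pin, the model installs two copies of colors; with the caret range, both dependents share one.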