Relax momentjs semvar range

[jsg2021]

to prevent duplicate version of moment.js (which is pretty large) when an app also depends on moment (with less strict semvar range)

[benmccann]

@simonbrunel @etimberg this seems like a reasonable change to me. what do you think? should we also make the same change to the usage of chartjs-color if we go with this PR?

[etimberg]

I'm ok with relaxing the range though it may have test implications. Is it possible to run our tests with different moment versions automatically?

[simonbrunel]

I'm fine with it as well and agree with @benmccann, we should apply the same rule for chartjs-color for consistency.

[benmccann]

@jsg2021 could you rebase this and apply the same rule to chartjs-color?

[jsg2021]

sure, i’ll try to do it tomorrow.

[jsg2021]

done :)

[benmccann]

nit: i'm not sure we should remove the last line

[jsg2021]

sorry, my editor does that in save. my first edit was directly from github’s online editor. i’ll put it back.

[simonbrunel]

Related question: shouldn't we avoid to explicitly upgrade dependency versions to the latest unless we really need to? It seems that "moment": "^2.19.0" is better than "moment": "^2.19.1" (^2.0.0 could also work unless we need a feature introduced in ^2.19.0).

I'm referring to this kind of changes which, except for ESLint 4, didn't require any explicit upgrade of other dependencies.

Thoughts?

[jsg2021]

I only changed the ~ to ^...when I rebased I picked up the new number... I can change it to 2.18.0 to match the last release

[simonbrunel]

It's more a question than something I would like to change in this PR (I'm fine with ^2.19.1).

I'm just wondering if explicitly upgrade dependencies without reason is a good practice or not: let say your app requires ~2.18.0 and this lib depends on ^2.19.1, I guess that the dependency will be duplicated (2.18.0 and latest 2.x.x). However, what happen if Chart.js depends on ^2.0.0? does this prevent duplication of the dependency?

[jsg2021]

Ah, yes. that would prevent duplication... if this project does not explicitly depend on something in 2.19.1, it should be set as low as possible to allow for that scenario.

[benmccann]

I did some reading and it appears that if you say ^2.18.1 then that means version >= 2.18.1 && version < 3.0.0

It probably makes sense for us to use the lowest compatible version. The lowest versions our tests pass with are:

"chartjs-color": "^2.1.0",
"moment": "^2.10.2"

For devDependencies I'd probably lean towards using the highest version of whatever is available to keep developer environments as consistent as possible

[jsg2021]

i can update to those versions if you like.

[simonbrunel]

@jsg2021 can you update the PR versions please for the one suggested by @benmccann? Then let's stop upgrading dependencies (including devs) as long as it's not required.