You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This caused all of our builds to start failing since we npm install for every new build.
To fix this, I propose this package remove all carrots from dependency versions, e.g. "eslint-plugin-react": "6.0.0", instead of "eslint-plugin-react": "^6.0.0", and include a shrinkwrap file - https://docs.npmjs.com/cli/shrinkwrap
We are now shrinkwrapping our dev dependencies at my company to prevent this issue in the future. But I think it'd be a good idea within this dependency as well for others.
The text was updated successfully, but these errors were encountered:
Sorry your builds got broken. I do think that on the whole, having loose dependencies has been good for standard. We feel the pain acutely when semver is violated, but we don't appreciate all the times that bugs get fixed for free.
I think one improvement to the situation is to switch to ~ instead of ^. This is slightly more conservative, and would have prevented the breakage you experienced today. We use ~ already for ESLint since minor versions are more likely to introduce incompatibilities than patch versions.
Fixes: #654
I think one improvement to the situation is to switch to ~ instead of
^. This is slightly more conservative, and would have prevented the
breakage described in the above issue. We use ~ already for ESLint
since minor versions are more likely to introduce incompatibilities
than patch versions.
Today eslint-plugin-react was updated and had bug - jsx-eslint/eslint-plugin-react@d0dfc07
This caused all of our builds to start failing since we npm install for every new build.
To fix this, I propose this package remove all carrots from dependency versions, e.g.
"eslint-plugin-react": "6.0.0",
instead of"eslint-plugin-react": "^6.0.0",
and include a shrinkwrap file - https://docs.npmjs.com/cli/shrinkwrapWe are now shrinkwrapping our dev dependencies at my company to prevent this issue in the future. But I think it'd be a good idea within this dependency as well for others.
The text was updated successfully, but these errors were encountered: