Stop using yarn.lock and pin the exact versions of dependencies in the package.json files #77

Open
thomvaill opened this issue May 30, 2022 · 0 comments
Labels
feature New feature or request

@thomvaill
Owner

Following the incident caused by a breaking change released in a dependency which does not follow semver: #74
And because of these reasons: https://gajus.medium.com/stop-using-package-lock-json-or-yarn-lock-909035e94328
I think we should not use yarn.lock anymore, and pin the versions of the project dependencies more strictly, and maybe use a tool like Renovate to assist us with their upgrades.

@thomvaill thomvaill added the feature New feature or request label May 30, 2022
thomvaill added a commit to indatawetrust/log4brains that referenced this issue Jul 8, 2022
thomvaill added a commit that referenced this issue Jul 8, 2022
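
As an added example (not part of the issue or of the log4brains code base), here is a check that could back the proposal above: it lists every dependency spec in a parsed package.json that is not an exact version and suggests a pin from the currently resolved version. The `installed` map, the package names and the versions are assumptions made for the example.

```javascript
// Added example (not log4brains code): audit a parsed package.json for specs that are not exact pins.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Classify one dependency spec string as exact, range, tag or url-or-protocol.
function classifySpec(spec) {
  const s = String(spec).trim();
  // node-semver ignores a single leading "=" or "v", so "=1.2.3" still resolves to one version.
  if (EXACT.test(s.replace(/^[=v]/, ""))) return "exact";
  if (/^[a-z][a-z0-9+.-]*:/i.test(s) || s.includes("/")) return "url-or-protocol";
  if (/^[a-z][\w.-]*$/i.test(s) && !/^x$/i.test(s)) return "tag"; // e.g. "latest", "next"
  return "range"; // ^, ~, comparators, "*", "1.x", hyphen ranges, "||" unions, empty string
}

// Return one finding per non-exact spec. `installed` (hypothetical input) maps package names
// to the version currently resolved in the working tree, used to suggest the pin.
function findUnpinned(pkg, installed = {}) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind === "exact") continue;
      const current = installed[name];
      // Only suggest a pin for registry specs; URL and protocol specs need a manual decision.
      const usable = kind !== "url-or-protocol" && typeof current === "string" && EXACT.test(current);
      findings.push({ section, name, spec, kind, suggestion: usable ? current : null });
    }
  }
  return findings;
}

// Constructed sample input; package names and versions are made up.
const samplePkg = {
  name: "example-app",
  dependencies: { "pkg-a": "^4.18.0", "pkg-b": "4.17.21", "pkg-c": "~4.1.2" },
  devDependencies: { "pkg-d": "latest", "pkg-e": "27.5.1", "pkg-f": "github:example/pkg-f#main" },
};
const sampleInstalled = { "pkg-a": "4.18.2", "pkg-c": "4.1.2", "pkg-d": "5.0.4", "pkg-f": "1.0.0" };

for (const f of findUnpinned(samplePkg, sampleInstalled)) {
  console.log(`${f.section}.${f.name}: "${f.spec}" (${f.kind}) -> ${f.suggestion || "review manually"}`);
}
```

Exact pins in package.json fix direct dependencies only; versions of transitive dependencies are still resolved at install time when no lockfile is present.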