Hey @rimiti, any reason why you removed the ^ ? Without that symbol, this means you pin to that exact version. I don't mind much for devDependencies which are local to this project, but for dependencies this effectively locks them also for any project that depends on supertest.
The main issue is if one of these transitive dependencies has a security alert and fixes it with a minor version => we (downstream projects) won't be able to update it unless supertest does it too.
What do you think?
I'd be happy doing the change in a PR if you'd like.
julienw added a commit to julienw/supertest that referenced this issue Oct 11, 2020
This was changed in #601.
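An added illustration of the concern raised in this issue (not code from supertest or from the participants): a minimal model of exact-pin versus caret matching, run over a constructed version list for a hypothetical transitive dependency. The version numbers and helper names are assumptions; pre-release tags and other range operators are not handled.

```javascript
// Minimal model of how a dependency spec is matched: exact pin or caret range.
// Pre-release tags and other range operators are intentionally out of scope.
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version: ${version}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
function caretCeiling([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function satisfies(version, spec) {
  const v = parse(version);
  if (!spec.startsWith('^')) return compare(v, parse(spec)) === 0; // exact pin
  const floor = parse(spec.slice(1));
  return compare(v, floor) >= 0 && compare(v, caretCeiling(floor)) < 0;
}

// Highest published version the spec allows, or null if none matches.
function resolve(spec, published) {
  const ok = published.filter((v) => satisfies(v, spec));
  ok.sort((a, b) => compare(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed registry data for a hypothetical transitive dependency:
// 1.2.3 has a security alert, 1.3.0 is the minor release that fixes it.
const published = ['1.2.3', '1.3.0', '2.0.0'];
const fixedIn = '1.3.0';

for (const spec of ['1.2.3', '^1.2.3']) {
  const got = resolve(spec, published);
  const patched = compare(parse(got), parse(fixedIn)) >= 0;
  console.log(`${spec.padEnd(7)} -> ${got} ${patched ? 'fix reachable' : 'stuck on alerted version'}`);
}
```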