Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move to fuzzy dependency versions #166

Closed
leipert opened this issue Nov 7, 2017 · 6 comments · Fixed by #181
Closed

Move to fuzzy dependency versions #166

leipert opened this issue Nov 7, 2017 · 6 comments · Fixed by #181
Labels
engineering health 🛠 idea 🤔

Comments

@leipert
Copy link

leipert commented Nov 7, 2017

The package.json pins down dependencies pretty hard. This leads to duplicate dependencies in our project, e.g. prop-types which already has newer releases. Would you consider to updating all dependencies with carets ^ or at least tildes ~? Or is there any reason why pinning them down, if you rely on yarn anyway.

PS: I see that you have travis-ci in place, you could think about adding greenkeeper as well to update dependencies automatically and report breakages with newer versions of this package.
@leipert
Copy link
Author

leipert commented Nov 7, 2017

/cc @JorgeMartinezPizarro @KayVollers

@alexreardon alexreardon changed the title "Bug": Dependencies pinned harder than necessary Move to fuzzy dependency versions Nov 7, 2017
@alexreardon
Copy link
Collaborator

Hi @leipert.
I will ask around if there are any potential implications of moving to fuzzy dependencies. Keeping the dependencies locked adds a large level of confidence as we can test all the code exactly as it will be given to users. Even if we lock the dependencies in the lock file it seems like you would like to use dependencies that are not the exact same version as would be in the lock file - rather moving to a fuzzy range. Adding a fuzzy range potentially introduces bugs if dependencies break in minor or patch versions. I would hope that the dependencies of the library are light enough that this would not really be an issue anyway.

Regarding prop-types. I am actually thinking of removing them altogether and just leaning on flow to reduce overhead. Also, this dependency should move to ~0kb in production if you set up your build correctly. That is my understanding anyway. Please let me know if that is not the case

Regarding greenkeeper - it is awesome and I want to use it. Sadly we have had issues with latest dependencies not working together well. That was about two months ago so I might try to push to latest of everything soon. If we can get to latest then yes a tool like greenkeeper would be useful #37

@alexreardon
Copy link
Collaborator

@treshugart do you see any issues with moving to fuzzy deps?

@treshugart
Copy link

treshugart commented Nov 8, 2017
edited
Loading

@alexreardon There could be unexpected breakages for consumers if a dep is broken. I think it's okay to be optimistic here, though, especially in open source land, so +1 for fuzzy.

This was referenced Nov 17, 2017
Merged
Merged
@leipert
Copy link
Author

leipert commented Nov 20, 2017

👍 Nice work, thank you.

@alexreardon
Copy link
Collaborator

We also added greenkeeper @leipert to help going forward. This was not added previously due to an eslint issue (see #37 for details)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
engineering health 🛠 idea 🤔
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Upgrading all the deps atlassian/react-beautiful-dnd
3 participants
@treshugart @alexreardon @leipert