📦 Package: Switch dependency versions to ^ ranges
JoshuaKGoldberg opened this issue · comments
Spinning out of #5090: @orgads noted that the package.json versions of dependencies are all pinned to specific versions like 4.1.1 rather than "caret" ^ ranges like ^4.1.1:
Lines 53 to 56 in 3345eff
Why is that?
I'm accustomed to ^ ranges to help consumers deduplicate packages. E.g. if a consumer's package requirements are chokidar@^3.5.2 and chokidar@^3.6.0, us specifying chokidar@^3.5.3 would mean they could all resolve to the same package version.
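The deduplication argument above, as an added example that is not code from the issue or the project: a minimal resolver that reimplements the ^ grammar for x.y.z versions (rather than using the semver package) and checks whether one installed copy of chokidar can satisfy every requirement, against a constructed list of available versions.

```javascript
// Added example: caret-range resolver for x.y.z versions only (assumption: no
// `semver` package available, so the ^ rules are reimplemented here).
function parseVersion(v) {
  const [major, minor, patch] = v.split(".").map(Number);
  return { major, minor, patch };
}

function compare(a, b) {
  return a.major - b.major || a.minor - b.minor || a.patch - b.patch;
}

// ^x.y.z allows changes that keep the leftmost non-zero component fixed:
//   ^1.2.3 := >=1.2.3 <2.0.0   ^0.2.3 := >=0.2.3 <0.3.0   ^0.0.3 := >=0.0.3 <0.0.4
function caretUpperBound(lower) {
  if (lower.major > 0) return { major: lower.major + 1, minor: 0, patch: 0 };
  if (lower.minor > 0) return { major: 0, minor: lower.minor + 1, patch: 0 };
  return { major: 0, minor: 0, patch: lower.patch + 1 };
}

// Accepts "^4.1.1" (caret range) or "4.1.1" (exact pin, as in the issue's package.json).
function parseRange(spec) {
  const caret = spec.startsWith("^");
  const lower = parseVersion(caret ? spec.slice(1) : spec);
  return { lower, upper: caret ? caretUpperBound(lower) : null }; // null = exact pin
}

function satisfies(version, range) {
  const v = parseVersion(version);
  if (range.upper === null) return compare(v, range.lower) === 0;
  return compare(v, range.lower) >= 0 && compare(v, range.upper) < 0;
}

// Highest available version satisfying every spec, or null when no single version
// can (the package manager would then install the dependency twice).
function resolveShared(specs, available) {
  const ranges = specs.map(parseRange);
  const sorted = [...available].sort((a, b) => compare(parseVersion(b), parseVersion(a)));
  return sorted.find((v) => ranges.every((r) => satisfies(v, r))) ?? null;
}

// Constructed registry snapshot for the demonstration, not real chokidar release data.
const CHOKIDAR_VERSIONS = ["3.5.2", "3.5.3", "3.6.0", "4.0.0"];

// The issue's scenario: two consumers plus this package, all on caret ranges.
console.log(resolveShared(["^3.5.2", "^3.6.0", "^3.5.3"], CHOKIDAR_VERSIONS)); // "3.6.0"
// With this package pinned to exactly 3.5.3, no single version satisfies everyone.
console.log(resolveShared(["^3.5.2", "^3.6.0", "3.5.3"], CHOKIDAR_VERSIONS)); // null
```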
I'm a big 👍 to this. It was different in the pre-package-lock.json era; that's when it was good practice to try and lock down dependencies this way. Now it's better handled by the package-lock.json in our and others' projects.
Maybe implement this on a dependency-by-dependency basis when we update them? That way we will test that no breakage will occur.
No comments for a while, and two 👍 votes. Accepting PRs!
Let's have a single PR for each dependency so we can test them separately - and revert separately if needed.