Unpin dependency versions and commit npm.lock or yarn.lock
toymachiner62 opened this issue · comments
I don't see an npm.lock or yarn.lock file in this repo. It's recommended to commit that file and then allow your dependencies to to use the ^
so they automatically get minor/patch versions if consumers of mailparser want them.
Sorry, I like to fix all dependencies for my libraries and not use a lock file.
Sounds good. The biggest advantage of doing it though is that I wouldn't have had to create a PR and have you create a new release just to update nodemailer. If it was a minor or patch version I can just update my yarn.lock file to use a higher version of one of your dependencies as long as it's within the "range" (using ^
).
Even though you've merged my PR to update nodemailer, I still can't use it until you release a new version to npm. With my suggestion above this isn't even an issue for me.