chore: relax dependencies

[nponeccop]

This helps with #68 as now the users are free to upgrade nx within 19.x without waiting for our update.

This follows two most popular third-party nx plugins: nx-stylelint and nx-remotecache-custom.

[nx-cloud]

☁️ Nx Cloud Report

CI is running/has finished running commands for commit 28491d6. As they complete they will appear below. Click to see the status, the terminal output, and the build insights.

📂 See all runs for this CI Pipeline Execution

---

✅ Successfully ran 3 targets

• nx affected -t e2e --parallel=1
• nx affected -t test --parallel=3
• nx affected -t lint --parallel=3

---

Sent with 💌 from NxCloud.

[Bielik20]

Does it? The dependencies of packages are defined in their individual package.json. I think it needs to be changed there, and it is managed by Nx's eslint plugin.

[nponeccop]

It helps with my last comment, which is a part of the problem but not its entirety (since "helps with" and not "solves"). Now 19.6 is out but I can't migrate because your strict constraints cause massive package duplication.

If you fix the forced dependency update part it won't help before something like this PR is also made.

[Bielik20]

Yeah, but what I am saying it does nothing. Root package.json is only used in development.

I will change it in #109 but keep an eye if after Nx update if it still is "relaxed". If I forget about it nag me 😅

[Bielik20]

Released

[nponeccop]

It will nag you. The right solution is to use a lockfile for library development, and update it carefully, while letting the users to fix their dependency problems by themselves.

So your old constraints were good for you as your builds didn't suddenly break due to third-party updates. But showing that on the library users is incorrect and contradicts the practice of other third-party nx plugins.

The plugins developed by nrwl pin their versions down because they are released as a whole. You should only pin your versions whenever you are ready to release with every upstream release. AFAIK no third-party plugin does that.

Upd: you already do that pinning by npm ci in https://github.com/Bielik20/nx-plugins/blob/master/.github/actions/setup/action.yml#L20 so it won't affect you unless you are careless with committing new package-locks.

[Bielik20]

Exactly, the change wasn't needed. So it was already with ^, I knew I handled it long time ago, so I don't think the release I have just made changed anything. And everything was correct to begin with. What may be problematic is Nx sometimes break some of their deep exports which I sometimes use.

[Bielik20]

Everything is always with ^ without my previous change:

nx-plugins/packages/nx-npm/src/executors/publish/executor.ts

Lines 66 to 81 in 44144b7

	async function caretDepsVersion(normalizedOptions: PublishExecutorNormalizedSchema) {
	const pkgJsonPath = joinPathFragments(normalizedOptions.pkgLocation, 'package.json');
	const packageJson = await readJson(pkgJsonPath);
	const projectsNames = await getAllProjectsNames();
	projectsNames.forEach((name) => {
	if (name in (packageJson.peerDependencies || {})) {
	packageJson.peerDependencies[name] = addCaret(packageJson.peerDependencies[name]);
	}
	if (name in (packageJson.dependencies || {})) {
	packageJson.dependencies[name] = addCaret(packageJson.dependencies[name]);
	}
	});
	await writeJson(pkgJsonPath, packageJson, { spaces: 2 });
	}

So the error must be somewhere else.