Update dependencies #92

Merged
merged 2 commits into from
Jan 31, 2019

@DylanVann DylanVann commented Jan 30, 2019

Using ^ in versions is less risky now because almost all consumers will be using newer yarn or npm versions, which both use lockfiles.

In the event a dependency is broken users can easily fix it using yarn or npm resolutions.

Advantages:

  • Consumers can avoid duplication.
  • Consumers can get semver compatible bug fixes without needing this module to be updated.

Also a new version release would be appreciated, although I understand if you're busy.

@SimenB SimenB requested a review from af January 30, 2019 07:11
package.json Outdated
@@ -63,5 +63,6 @@
"npm run prettier-ts -- --write",
"git add"
]
}
},
"prettier": {}
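Review bot: The `"prettier": {}` entry on the last line of this hunk is an empty object with nothing beside it to say why it exists, and JSON cannot hold a comment, so a later cleanup is likely to delete it as dead configuration. Record the reason in the commit message or the contributing notes, or keep the empty config in a dedicated Prettier config file where its purpose is easier to see.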
Contributor Author

People may have their editor configured with default prettier settings. Explicitly setting an empty config ensures that the default settings are used instead of those set by the user.

Collaborator

@SimenB SimenB left a comment

I'm in favour, dunno if @af is, though 🙂

@@ -0,0 +1,3114 @@
# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.
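Review bot: The header `@@ -0,0 +1,3114 @@` adds 3114 autogenerated lines as a single new file, which nobody can review by reading. Say in the PR description which package manager and version produced it, and have CI install from the lockfile without modifying it so that a hand-edited or stale entry fails the build.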
Contributor Author

I could make this an npm lockfile if you prefer.

The advantage of having this is that in the event that a dependency of envalid is broken you can see from this lockfile what exact versions of modules are working, and then debug from this point.

Contributor Author

DylanVann commented Jan 30, 2019

@SimenB Out of curiosity, what do you use that depends on this? I don't see Jest using it.

We use Envalid at a company I'm working with. We were adding Cypress tests and Envalid didn't work so I used Yup instead as a stopgap. This has me thinking, maybe Envalid is just a special case of yup. Maybe yup could be used for most of the internals.

I think it would be easy to add things like #81 (and also url validation) if yup were used.

Regarding the size of universal-url, maybe it doesn't matter, I'd hope nobody would use this to validate environment variables on a production website. It's sort of similar to PropTypes, probably better that it's compiled out of production. For example if we did use yup for the internals then it would be 20kb gzipped, which I don't think is acceptable in production unless the consumer was already using yup.

Collaborator

SimenB commented Jan 30, 2019

I use it at work 🙂 Just for backend though, not client side (web or RN)

Owner

@af af left a comment

I've resisted ^ in the past because I still don't like the idea of dependencies being declared inexactly. Besides the possibilities of bugs being shipped in patch versions of deps (it happens), there are the potential vulnerabilities of left-pad/event-stream-type incidents.

That said, you're right that lockfiles are now the norm (I've been using them for a few years so I realize the above borders on paranoia :P). I'll relent on this and we can re-assess if any issues come up. Thanks for the PR!

@af af merged commit f76bde6 into af:master Jan 31, 2019
Owner

af commented Jan 31, 2019

Also published v4.2.0! Thanks for the reminder, that was overdue

tuannm151 pushed a commit to BSSCommerce/shopify-envalid that referenced this pull request Jul 1, 2024
* Update dependencies
* Update husky config to new format, see: https://github.com/typicode/husky#upgrading-from-014
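
As an added example (not code from this PR or from envalid), the JavaScript below shows which versions a `^` range of the kind discussed in this thread admits, including the narrower 0.x cases, and classifies the ranges declared in a manifest so the non-exact ones can be listed. The manifest and its package names are constructed, and only plain x.y.z versions are handled.

```javascript
// Added example (not envalid code). Handles plain x.y.z versions only;
// prerelease tags and other range operators are reported as "other".
function parseVersion(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(text);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^x.y.z: the leftmost non-zero part is bumped,
// so ^1.2.3 stops at 2.0.0, ^0.2.3 at 0.3.0 and ^0.0.3 at 0.0.4.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True when `candidate` may be installed for the caret range `range`.
function caretAdmits(range, candidate) {
  const base = range.startsWith('^') ? parseVersion(range.slice(1)) : null;
  const cand = parseVersion(candidate);
  if (!base || !cand) throw new Error(`unsupported input: ${range} / ${candidate}`);
  return compareVersions(cand, base) >= 0 && compareVersions(cand, caretUpperBound(base)) < 0;
}

// Classify every declared range so floating ones can be listed in review.
function auditRanges(pkg) {
  const report = [];
  for (const field of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      let kind = 'other';
      if (parseVersion(range)) kind = 'exact';
      else if (range.startsWith('^') && parseVersion(range.slice(1))) kind = 'caret';
      report.push({ field, name, range, kind });
    }
  }
  return report;
}
// Constructed manifest; the package names are placeholders.
const samplePackageJson = {
  dependencies: { 'example-parser': '^1.2.3', 'example-colors': '0.4.1' },
  devDependencies: { 'example-linter': '^0.2.3', 'example-tool': '>=2.0.0' },
};
console.log(auditRanges(samplePackageJson).filter((e) => e.kind !== 'exact'));
```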