Only allow patch releases for our dependencies #92
@ofrobots what do you think about this approach? @schmidt-sebastian can you link the relevant issue from grpc that explains the breakage?
Sorry, I should have done that to begin with: grpc/grpc-node#130 We saw high error numbers on Google Cloud Functions and many user reports after we automatically pulled in this update. There are some links to these reports in the GitHub issue.
If I understand correctly, grpc messed up by making a breaking behaviour change in a semver-minor update. This is terrible, but it is still a mistake made by gRPC. We should provide this feedback to the grpc folks (/cc @murgatroid99) and let them fix. Locking down all dependencies using The problem with locking down dependencies is that in the npm module ecosystem fixes (bug fixes and security fixes) are typically provided on the tip of the major branch. If you are restricting to /cc @JustinBeckwith
@ofrobots Sounds good. I will update this PR to allow future versions of GRPC patch releases for 1.7.x only (right now we lock to 1.7.1).
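The trade-off discussed in this thread, as an added example that is not part of the PR or of either project: a hand-written matcher for the plain `1.7.1`, `~1.7.1`, `^1.7.1` and `1.7.x` range forms, showing which of them would let grpc 1.8.0 in. Version 1.7.2 and the list of published versions are constructed, and prerelease tags and compound ranges are not handled.

```javascript
// Added example: how far each npm range form lets a dependency float.
// Supports only "1.7.1", "~1.7.1", "^1.7.1" and "1.7.x" (no prerelease tags).
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Lowest accepted version and the first version that is rejected (exclusive).
function bounds(range) {
  const m = /^([~^]?)(\d+)\.(\d+)\.(\d+|x)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range: ${range}`);
  const op = m[1], major = Number(m[2]), minor = Number(m[3]);
  const wildcard = m[4] === 'x';
  const patch = wildcard ? 0 : Number(m[4]);
  const min = [major, minor, patch];
  if (op === '' && !wildcard) return { min, max: [major, minor, patch + 1] };
  if (op === '^' && major > 0) return { min, max: [major + 1, 0, 0] };
  if (op === '^' && minor === 0 && !wildcard) return { min, max: [0, 0, patch + 1] };
  return { min, max: [major, minor + 1, 0] }; // "~x.y.z", "x.y.x", "^0.y.z"
}

function satisfies(version, range) {
  const { min, max } = bounds(range);
  const v = parse(version);
  return cmp(v, min) >= 0 && cmp(v, max) < 0;
}

// 'exact' = pinned, 'patch' = one minor line, 'minor' = anything below next major.
function floatLevel(range) {
  const { min, max } = bounds(range);
  if (max[0] > min[0]) return 'minor';
  if (max[1] > min[1]) return 'patch';
  return 'exact';
}

// For each range, the newest published version an install without a lockfile selects.
function report(ranges, published) {
  const newestFirst = [...published].sort((a, b) => cmp(parse(b), parse(a)));
  return ranges.map((range) => ({
    range,
    level: floatLevel(range),
    resolves: newestFirst.find((v) => satisfies(v, range)) || null,
  }));
}

// 1.7.1 and 1.8.0 appear in the thread; 1.7.2 is constructed to stand for a later patch.
const published = ['1.7.1', '1.7.2', '1.8.0'];
console.table(report(['1.7.1', '~1.7.1', '^1.7.1', '1.7.x'], published));
```

The exact pin never receives the constructed 1.7.2 fix, while the caret range resolves to 1.8.0; the tilde and `1.7.x` forms take patches only.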
Codecov Report
@@ Coverage Diff @@
## master #92 +/- ##
=====================================
Coverage 100% 100%
=====================================
Files 12 12
Lines 1599 1599
=====================================
Hits 1599 1599
I hope this will help reduce future breakages such as those with GRPC 1.8.0 (grpc/grpc-node#130).