This repository has been archived by the owner on Feb 18, 2024. It is now read-only.

Refresh lockfile & bump in-range dependency versions #848

Merged
merged 1 commit into from
May 5, 2018

edmorley
Member

@edmorley edmorley commented May 4, 2018

The refreshed lockfile brings with it webpack 4.7.0 amongst other things, and will make it easier to differentiate between the Babel 7 performance changes and everything else when using linked packages, than if the full lockfile refresh were in the Babel 7 PR.

Bumping the version ranges themselves in theory shouldn't be necessary, however it reduces the chance of end-users' package managers consolidating deps with an older version & making it harder when we try to debug any issues (webpack itself does the same).


To future self: This was generated using a global install of `npm-check-updates`, but due to bugs it has to be used outside of lerna and also after deleting all `node_modules` in the monorepo. There is also a bug with combining `--upgradeAll` and `--semverLevel minor`, so packages that had major version bumps (e.g. `deepmerge`) had to be excluded manually using `-x`, and the `--semverLevel` option not used at all. (Why do I seem to be the only one that finds all of these types of bugs...?!)

Bumping the version ranges themselves in theory shouldn't be
necessary, however it reduces the chance of end-users' package
managers consolidating deps with an older version & making things
harder when we try to debug their issues.

The refreshed lockfile brings with it webpack 4.7.0 amongst other
things, and will make it easier to differentiate between the Babel 7
performance changes and everything else, than if the full lockfile
refresh were in the Babel 7 PR.
@edmorley edmorley self-assigned this May 4, 2018
@edmorley edmorley requested a review from eliperelman May 4, 2018 15:16
@edmorley edmorley merged commit 9985fd2 into neutrinojs:master May 5, 2018
@edmorley edmorley deleted the bump-dep-versions-in-range branch May 5, 2018 15:31
@edmorley edmorley removed the request for review from eliperelman May 6, 2018 20:48
edmorley added a commit that referenced this pull request May 19, 2018
The `release/v8` branch equivalent of #848.

Will hopefully persuade package managers such as npm that yes really
they should update the stale deps in `package-lock.json` and not
display security audit errors that imply our deps are out of date.