Start using fixed versions of 3rd party packages (or at least same minor version) in LTS versions #12874

Closed
dozer75 opened this issue Nov 6, 2018 · 5 comments
Labels: area: angular/cli, feature

dozer75 commented Nov 6, 2018

Bug Report or Feature Request (mark with an x)

- [ ] bug report -> please search issues before submitting
- [X] feature request

Desired functionality

As seen in issue #12866, the usage of non-fixed versions causes lots of problems when a dependent package breaks Angular. This is not the first time and probably not the last time. So I suggest that an LTS version uses fixed versions of external packages to avoid issues like this.

Waiting (like in this example 8 hours) for a fix may be costly for some users of the Angular platform. Luckily enough this fix was simple by adding webpack to your own package.json file, but it is quite costly to analyze and search for a solution when these things happen.

alan-agius4 (Collaborator) commented Nov 6, 2018

Hi, we are already using fixed versions for direct dependencies in version 7.

I do agree that maybe we should add this for the LTS versions as well.

alan-agius4 added the feature and needs: discussion labels Nov 6, 2018

alexeagle (Contributor) commented

Generally, users should use a lock file to prevent breakages. Even if we pin our direct dependencies, our transitive dependencies can still push updates which are broken and which match whatever semver range the intermediate dependency requires.

Pinning direct dependencies is only a partial fix.
We could back-port the pinning to LTS. How much work do you think that is, @alan-agius4? If it's just a couple hours I think we should do it.
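The point about transitive ranges in the comment above, as an added example that is not part of the original thread or the Angular CLI code base. It assumes a constructed mini-registry with hypothetical package names and a simplified, flat lock file shaped like npm's `dependencies` map.

```javascript
// Added example. Package names, versions and the registry are constructed.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Constructed manifests: what each (hypothetical) package declares.
const registry = {
  'build-tool': { version: '1.0.0', dependencies: { bundler: '^4.0.0' } },
  bundler: { version: '4.1.0', dependencies: { 'source-map-lib': '~0.6.0' } },
  'source-map-lib': { version: '0.6.1', dependencies: {} },
};

// Walk the graph from the root manifest and collect every edge whose
// specifier is a range, i.e. one that may resolve differently on a
// fresh install when a new matching version is published.
function floatingEdges(rootManifest, reg) {
  const out = [];
  const seen = new Set();
  const walk = (from, deps, depth) => {
    for (const [name, spec] of Object.entries(deps || {})) {
      if (!EXACT.test(spec)) out.push({ from, name, spec, depth });
      if (seen.has(name) || !reg[name]) continue;
      seen.add(name);
      walk(name, reg[name].dependencies, depth + 1);
    }
  };
  walk('<root>', rootManifest.dependencies, 1);
  return out;
}

// Floating edges that no lock entry freezes: these can still drift.
function unlockedEdges(edges, lock) {
  const locked = lock.dependencies || {};
  return edges.filter((e) => !(locked[e.name] && locked[e.name].version));
}

// Root project pins its direct dependency exactly.
const app = { dependencies: { 'build-tool': '1.0.0' } };
// Simplified lock file (constructed): one resolved version per package.
const lock = { dependencies: {
  'build-tool': { version: '1.0.0' },
  bundler: { version: '4.1.0' },
  'source-map-lib': { version: '0.6.1' },
} };

const edges = floatingEdges(app, registry);
console.log('floating despite pinned direct dep:', edges);
console.log('still floating with lock file:', unlockedEdges(edges, lock));
console.log('still floating without lock file:', unlockedEdges(edges, {}));
```
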

alan-agius4 (Collaborator) commented Nov 19, 2018

@alexeagle, yeah it's just a couple of hours. I'll be on it tomorrow.

alan-agius4 removed the needs: discussion label Nov 19, 2018
alan-agius4 self-assigned this Nov 19, 2018
ngbot bot added this to the Backlog milestone Nov 19, 2018
alexeagle pushed a commit that referenced this issue Nov 20, 2018

alan-agius4 (Collaborator) commented

Fixed via #13007

angular-automatic-lock-bot commented

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

This action has been performed automatically by a bot.

angular-automatic-lock-bot bot locked and limited conversation to collaborators Sep 8, 2019