Is the peer dependency on graphql exactly 15.5.1 on purpose? #355

badrange · 2021-09-09T08:59:56Z

I noticed that the peer dependency on graphql was changed from ^15.5.0 to 15.5.0 in #350. Was the change from depending on a minor release to an exact patch release done on purpose?

If I install graphql-relay to a project which already has the most recent version of graphql installed it will require me to downgrade to an older graphql version that is depending on another project that has a security release.

The text was updated successfully, but these errors were encountered:

saihaj · 2021-09-10T02:22:16Z

I think only major version should be locked for peer deps to avoid this issue. I have opened a PR will try to get a release out soon. cc @IvanGoncharov

oliversalzburg · 2021-09-13T10:37:58Z

I've been wondering about this as well. It forces us into an overly specific set of outdated dependencies for apparently no good reason.

badrange · 2021-09-14T09:43:51Z

Thank you for the quick reaction! 👍

saihaj mentioned this issue Sep 10, 2021

build: update dependencies #356

Merged

saihaj mentioned this issue Sep 10, 2021

fix: lock only major version #357

Merged

IvanGoncharov closed this as completed in #357 Sep 13, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is the peer dependency on graphql exactly 15.5.1 on purpose? #355

Is the peer dependency on graphql exactly 15.5.1 on purpose? #355

badrange commented Sep 9, 2021 •

edited

Loading

saihaj commented Sep 10, 2021

oliversalzburg commented Sep 13, 2021

badrange commented Sep 14, 2021

Is the peer dependency on graphql exactly 15.5.1 on purpose? #355

Is the peer dependency on graphql exactly 15.5.1 on purpose? #355

Comments

badrange commented Sep 9, 2021 • edited Loading

saihaj commented Sep 10, 2021

oliversalzburg commented Sep 13, 2021

badrange commented Sep 14, 2021

badrange commented Sep 9, 2021 •

edited

Loading