From f6416b633af3a99f6006af143468700f27c68ac3 Mon Sep 17 00:00:00 2001 From: Wojciech Maj Date: Thu, 7 Aug 2025 23:31:06 +0200 Subject: [PATCH] Loosen dependency requirements Using exact dependency versions can be harmful, as it blocks downstream bug fixes, security patches, and new features. It can also increase the risk of duplicate packages in node_modules, leading to subtle, hard-to-debug issues. This PR changes all user-facing dependencies from x.y.z to ^x.y.z, allowing end users to automatically benefit from compatible updates as they are released. --- package-lock.json | 6 +++--- package.json | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index f2d963f5..b9d2285c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3621,9 +3621,9 @@ } }, "node-forge": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", - "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==" + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.2.tgz", + "integrity": "sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw==" }, "node-preload": { "version": "0.2.1", diff --git a/package.json b/package.json index 12ad4174..69e05730 100644 --- a/package.json +++ b/package.json @@ -18,10 +18,10 @@ "url": "https://github.com/parse-community/node-apn.git" }, "dependencies": { - "debug": "4.4.3", - "jsonwebtoken": "9.0.2", - "node-forge": "1.3.1", - "verror": "1.10.1" + "debug": "^4.4.3", + "jsonwebtoken": "^9.0.2", + "node-forge": "^1.3.2", + "verror": "^1.10.1" }, "devDependencies": { "@semantic-release/changelog": "^5.0.1",