You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We need to settle, on how we manage the versions of the devDependencies because there is a mix between exact, patch match (~) and minor match (^).
IMO, devDependencies should be versioned using a minor match (^). The yarn.lock ensures the repeatability of the build by freezing all the dependencies (dev or not) to a specific version. Those dependencies are also internal to the project some we can't expect consumers to run into an issue where a package introduces an unintended breaking change without us noticing first. React, Ember and Vue follows the same strategy here. This comes at the exception of:
prettier that should be frozen to a specific version, since updating prettier version most of the time requires some code to be reformatted.
typescript that should be versioned using patch match (~), because the package removes APIs from the language between minor releases.
I know that @diervo and @caridy will have some strong opinion here =)
Those are good points. I wasn't sure if we cared about those annotations because the yarn.lock ultimately dictates what gets installed but it would be nice to reflect our expectations in our dependencies. That would, in theory, allow us to simply delete the yarn.lock and do a fresh install to update all our dependencies at once 🤞
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ekashida
changed the title
Details
moderateandlowsecurity alerts (aside from thehighalert forcssnano)Does this PR introduce breaking changes?
No, it does not introduce breaking changes.