Use fixed versions in package.json dependencies. #6666

Closed
jakobnordztrom opened this issue Sep 11, 2019 · 1 comment
@jakobnordztrom
This is a Feature Proposal

Description

  • Most dependencies in package.json allow for minor version updates, i.e. are prefixed with ^. This allows bugs in new releases of dependencies to break existing serverless releases (e.g. what happened in issue "error during sls deploy" #6659). To ensure a stable and immutable release, do not allow for version updates in package.json. Use fixed versions instead.

Similar or dependent issues:

@medikoo
Contributor

medikoo commented Sep 11, 2019

@jakobnordztrom Great thanks for the proposal, still I don't think it's a path we should follow.

It's a project usually installed as one of the dependencies, and applying this practice may imply numerous nasty side effects for projects that rely on it. Also, we need to be able to update framework dependencies without a need of producing framework releases for every such case.

Fine-grained control of dependency versioning should rather be done at the project level instead, and over there you can easily control that with package-lock.json or yarn.lock.

#6659 was fixed on the aws-sdk side; also, with today's release we've ensured that the buggy version will not install with a new version of the framework.

@medikoo medikoo closed this as completed Sep 11, 2019
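
An added illustration of the trade-off discussed in this thread (not code from the issue or from the Serverless Framework): it flags package.json entries that are not exact versions and checks whether a package-lock.json in the lockfileVersion 2/3 layout pins them. The manifests, version numbers, integrity strings and the helper names `auditPinning` and `atRisk` are constructed for the example.

```javascript
// Constructed sample manifests (not taken from the Serverless repository).
const samplePackageJson = {
  name: "demo-service",
  dependencies: { "aws-sdk": "^2.500.0", "left-pad": "1.3.0" },
  devDependencies: { serverless: "~1.50.0", eslint: "*" },
};

// package-lock.json in the lockfileVersion 2/3 layout: entries keyed by install path.
const samplePackageLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-service" },
    "node_modules/aws-sdk": { version: "2.525.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/left-pad": { version: "1.3.0", integrity: "sha512-CONSTRUCTED" },
    "node_modules/serverless": { version: "1.50.1" }, // no integrity hash recorded
  },
};

// An exact semver version: no ^, ~, ranges, wildcards, tags or URLs.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

// Hypothetical helper: classify every direct dependency of `pkg` against `lock`.
function auditPinning(pkg, lock) {
  const findings = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const entry = lock && lock.packages ? lock.packages["node_modules/" + name] : undefined;
      let status = "unlocked";
      if (entry) status = entry.integrity ? "locked" : "locked-no-integrity";
      findings.push({
        name,
        spec,
        floating: !EXACT.test(spec),
        resolved: entry ? entry.version : null,
        status,
      });
    }
  }
  return findings;
}

// Names whose installed version can change from one install to the next.
function atRisk(findings) {
  return findings.filter((f) => f.floating && f.status === "unlocked").map((f) => f.name);
}

console.log(auditPinning(samplePackageJson, samplePackageLock));
```

A floating range that the lockfile resolves stays reproducible only when installs honour the lockfile, for example with `npm ci`.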