Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Change Dependency on Express 3.0.x to a fixed version #48

Radagaisus opened this Issue Oct 7, 2012 · 2 comments


None yet
2 participants


"dependencies": {
    "express": "3.0.x",
    "socket.io": "0.9.x",
    "coffeecup": "0.3.x",
    "uglify-js": "1.1.x"

The current dependency on Express 3.0.x is problematic, breaking changes to Express are passing through unexpectedly.

For example, we use Zappa 0.4.0 and an npm install on a new machine just gave us Express with the new json/jsonp separation that we haven't implemented. So, everything broke down.

Not everyone is using semantic versioning, stuff will break, we need a clear dependency for each version of Zappa.


shimaore commented Oct 8, 2012

Sorry to hear about the broken deployment. :(

This sounds like the kind of issues npm shrinkwrap was designed for; although updating package.json would be more explicit about which versions were tested.

I know this won't help with 0.4.10, but I'll try and maintain things this way moving forward.

@shimaore shimaore added a commit that referenced this issue Oct 8, 2012

@shimaore shimaore Consequences of #48 4f85a2c

@shimaore shrinkwrap looks good.

This kind of bugs are hard to spot, we don't want to break people's code unexpectedly. On the next npm publish we should add the exact version of the latest and greatest express and socket.io as dependencies.

@Radagaisus Radagaisus closed this Oct 8, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment