-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dependencies in package.json with "^" #37
Comments
Semver is specifically designed to not use the static versions. Of course it assumes that the library authors do follow the semver principles. In particular that means that patch changes (like from mongo 2.2.1 to 2.2.19) should never change the API, and minor changes (from 2.0.0 which is the dependency of 0.5.2 to the modern 2.2) should only add the new APIs in backward-compatible way. I've just ran the tests with the mongodb module 2.2.16 and 2.2.19, passed in both cases with the current master which is 0.8.3. But 0.5.2 is an old version and it can obviously have bugs fixed in the later versions. Shrinkwrapping is a good idea regardless though, will implement it later together with yarn.lock. |
Thanks for information. I'll check if upgrading mongodb-migration itself is fixing the problems. Br |
Closing it unless more specific issue is reported. |
I've reproduced the problem in an indenpendet environment: windows 10 prof. index.js: function execute() { this seems to be a incompatibility between the mongodb versions used by mongoose@4.0.8 and most current version of mongodb-migrations. This is just an information for others, I'll fix this on my side. |
Interesting, thanks for reporting! I'll try to repro and see what specifically is an issue. |
Because in case of incompatible versions npm should just install the 2 copies of the package and no conflict should occur. |
This is what i would expect either. |
@emirotin yarn and the new npm@5 solve this using lock files. I'd close this issue. |
hello.
we've just seen that your package json, also in released versions, does include the following dependencies:
"dependencies": {
"bluebird": "^3.4.1",
"lodash": "^4.13.0",
"mkdirp": "^0.5.1",
"mongodb": "^2.2.1",
"nomnom": "^1.6.2"
}
the usage of "^" leads to the fact that installing the "released" mongodb-migrations module installs potential changed submodules.
In our case, the used implementation of mongodb (2.2.19) seems to be incompatible with mongodb-migrations 0.5.2.
is that a desirable behaviour?
there are possibilities like npm shrinkwrap or just using static versions which would prevent such problems.
The text was updated successfully, but these errors were encountered: