search

Leonidas-from-XIV / node-xml2js

XML to JavaScript object converter.
MIT License
4.88k stars 602 forks source link

Lock major version of all dependencies. #507

Closed grushikhin closed 4 years ago

grushikhin commented 5 years ago

Hello, guys! My application was accidentally broken last week due to a major update of xmlbuilder. We use the latest version of RestlerHTTP client (3.4.0), which depends on xml2js@0.4.0, which depends on xmlbuilder@>=0.4.2 and the latest version of xmlbuilder is 10.0.0. I know that in the latest version of xml2js you locked 10'th version of xmlbuilder, it's fine, but you still depend on another dependency sax as >=0.6.0, which actual version is 1.2.4. Any breaking changes in sax dependency can break node-xml2js at any time, so, I strongly recommend you to lock major versions of each your dependencies and follow semver. Thank you!

Leonidas-from-XIV commented 5 years ago

That sounds reasonable. Can you submit a PR with your proposed changes?

grushikhin commented 5 years ago

Will do :)

knoxcard commented 5 years ago

Even better solution was proposed here and appears to already be implemented or extremely close to.... https://github.com/Leonidas-from-XIV/node-xml2js/issues/517

@grushikhin - close issue?