Botkit is a critical dependency of Skellington. I have two competing concerns: one that skellington remain stable and two that users not have to wait for new features in Botkit.
I've locked down the Botkit version because of the first concern. But I've also hooked up greenkeeper to this repo to address the second.
This approach definitely favors stability. However the drawback is that a new version of Botkit will require a new version of Skellington. This seems like it will create unnecessary work all around.
I'm thinking "betting on semver" and changing to a ^ match on the Botkit dep. ^ matches will allow propagate new features and prevent breaking changes from being pulled in. Botkit is currently in 0.X.X version, so caret match will pick up "patch" changes only (which are equivalent to minor version bumps of a 1.0.0 or greater package). So far, I believe Botkit has followed semver well. If it looks like they don't follow it, I will go back to a locked version.
To satisfy my want for stability, I'll document how to lock down deps (shrinkwrap) and how to lock in a specific version of botkit in case of a breaking change (roughly cd node_modules/skellington && npm install -S botkit@version && cd - && npm shrinkwrap)
Botkit is a critical dependency of Skellington. I have two competing concerns: one that skellington remain stable and two that users not have to wait for new features in Botkit.
I've locked down the Botkit version because of the first concern. But I've also hooked up greenkeeper to this repo to address the second.
This approach definitely favors stability. However the drawback is that a new version of Botkit will require a new version of Skellington. This seems like it will create unnecessary work all around.
I'm thinking "betting on semver" and changing to a
^match on the Botkit dep.^matches will allow propagate new features and prevent breaking changes from being pulled in. Botkit is currently in 0.X.X version, so caret match will pick up "patch" changes only (which are equivalent to minor version bumps of a 1.0.0 or greater package). So far, I believe Botkit has followed semver well. If it looks like they don't follow it, I will go back to a locked version.To satisfy my want for stability, I'll document how to lock down deps (shrinkwrap) and how to lock in a specific version of botkit in case of a breaking change (roughly
cd node_modules/skellington && npm install -S botkit@version && cd - && npm shrinkwrap)