Closed sseide closed 3 years ago
Updated dependencies and published as v2.1.5.
Precise version numbers are used to prevent breaking changes introduced by dependencies in bugfix or minor versions. Package maintainers are not all so diligent about maintaining backwards compatibility or observing semantic versioning. In the future, if I am slow to update a dependency, you are always welcome to fork the project and depend upon your updated fork for your projects.
Yes - you are right about semantic versioning. Some people are really sloopy about this.. But (personally) at least for some projects i'd willing to accept bugfix upgrades for free with "~4.3.1" looking at the history and people committing to a project. And "debug" is one of them... Specially when providing a library others use and not having a "final" app where i use fixed versions whenever possible with the lock file too.
Nonetheless thanks for the update!
Current
package.json
depends on explicit version 4.1.1 of the "debug" library. Running "npm install" we see the following warning by npm:Can you please either: a) loosen the version restriction to "^4.1.1" or b) increment min version needed to "~4.3.1". Using hard coded explicit versions is problematic as it does not allow using bugfix releases if some security warnings appear (which may happen every time...).
Thanks