Library Dependencies not frozen

[d-leb]

Hi there. I am not sure how much of an issue this actually is, but I recently upgraded Typescript to version 5 and received the following error while trying to run stylelint with this syntax library:

WARNING: You are currently running a version of TypeScript which is not officially supported by @typescript-eslint/typescript-estree.

You may find that it works just fine, or you may not.

SUPPORTED TYPESCRIPT VERSIONS: >=3.3.1 <5.0.0

YOUR TYPESCRIPT VERSION: 5.0.4

Please only submit bug reports when using the officially supported version.

I noticed that this project uses @typescript-eslint/typescript-estree as a dependency. I installed postcss-styled-syntax a couple of months ago, so the dependency and sub-dependencies are frozen as of that time. I was able to fix this issue by removing postcss-styled-syntax and re-adding it to my project. This causes the sub-dependency of @typescript-eslint/typescript-estree to be frozen as of the most recent version of today.

Should the dependency libraries be locked down to a specific version in postcss-styled-syntax? When someone consumes this library, there is no way to know what version of a dependency that they are using and it may be incompatible.

(i.e. "@typescript-eslint/typescript-estree": "5.47.0", vs "@typescript-eslint/typescript-estree": "^5.47.0",)

The upside is a predictable state where people know exactly what version of libraries are being downloaded when consuming this package. The downside, of course, is that this library would need to be updated when major changes happen, such as the Typescript 5.x update.

[hudochenkov]

There is no need to freeze dependencies versions in package.json. The whole Node.js ecosystem is built around Semantic Versioning. Most packages do not have versions of dependencies locked.