Update package.json

[edi9999]

Base62.js version 0.1.1 (which is a dependency of jstransform 10.1.0) was unlicensed (which can be problematic, since this package is even used by React).

These changes update jstransform to latest version, which removes this licensing problem.

[edi9999]

Whenever you merge this, can you please publish a new version to npm ?

[yoshuawuyts]

tests pass - merging!

[yoshuawuyts]

Oops, looks like I don't have publish rights on npm. cc/ @zertosh @hughsk could you publish a patch version or add me on npm? Heaps thanks!

[zertosh]

done! published as envify@3.4.1.

[callumacrae]

In the future please could you publish breaking dependency changes as minor or major versions, not patch versions which will be auto-updated by npm? This is scary!

Thank you 🎉

[zertosh]

From the perspective of envify and what it does with jstransform, this update is a bug fix. The changes in jstransform from v10 to v11 are in its ES6 transforms, not the parser/patcher.

[callumacrae]

Sure, but this has implications with deduping on old versions of npm, iirc

[zertosh]

Ah, I'll give you that. My apologies.

[callumacrae]

No worries! I'm not using jstransform as a direct dependency anyway, so it didn't affect me. Good to be aware of though :)

[yoshuawuyts]

Sure, but this has implications with deduping on old versions of npm, iirc

Could you elaborate? I'm curious what you mean because I'm not aware of any possible dedupe issues this might cause on pre-npm@3 versions - thanks!

[callumacrae]

Not sure of specifics, just was always warned against major version bumps of dependencies on patch versions of a library.

Could just be that my information is entirely wrong. I'll do some research :)

[zertosh]

I took it to mean that jstransform@^11.0.3 would not dedupe with anything else using ^10.x.x, so this update could result in multiple copies of jstransform - even if you have envify versioned at the more conservative ~3.4.0 as opposed to ^3.4.0.

[yoshuawuyts]

I took it to mean that jstransform@^11.0.3 would not dedupe with anything else

Ah alright, but that's just working as intended right? This code isn't run in the browser so file size (within limits obv) isn't a concern. Mostly relieved I didn't miss some huge conflict between npm 2 and 3 haha :sparkles: yay

[callumacrae]

It doesn't apply to this library (I think?), but there's definitely examples it's relevant to: imagine a jQuery plugin updates its jquery dependency to 3.x from 2.x on a minor version: then, the root project, which is still requesting jquery 2.x, won't be able to access the plugin because it will have been attached to the wrong object.

Can't think of a more backend example right now…

[edi9999]

I don't think your example applies here @callumacrae . If you use jquery in jour project, you would manually require jquery version 2.x in your package.json.