jean-emmanuel
commented
1 year ago Done. I avoided it because it's heavy, but I guess there's no other choice to avoid undesired updates somewhere in the dependence tree.
Closed lilyinstarlight closed 1 year ago
jean-emmanuel
commented
1 year ago Done. I avoided it because it's heavy, but I guess there's no other choice to avoid undesired updates somewhere in the dependence tree.
lilyinstarlight
commented
1 year ago Awesome, thank you so much!
I'll close this issue and will begin using the bundled package-lock.json when packaging new releases :)
lilyinstarlight
commented
1 year ago Hi @jean-emmanuel! It looks like the lockfile has started to lag behind the released version numbers and the dependencies releases were actually built with:
Is the lockfile not being updated intentional, or was it just missed the last two releases?
Thank you again!
jean-emmanuel
commented
1 year ago Actually only the version number for open-stage-control is wrong, the dependencies' versions are correct. Funnily, this provides an insight on when dependencies were last updated, but also yes I didn't think of updating o-s-c version in that file :)
lilyinstarlight
commented
1 year ago Ah, good to know! I was wondering, but that makes sense
Thanks again for adding it :)
I'm not sure if there is a specific reason it is excluded, but having a package-lock.json would help downstream packagers by providing the dependency versions that releases are built with and allow our tooling to use that for fetching dependencies
Currently, we're generating our own package-lock.json when updates occur and committing it to nixpkgs (https://github.com/NixOS/nixpkgs/blob/fd538cf515ea2243f9b9c018ba0e4ce01e83a449/pkgs/applications/audio/open-stage-control/package-lock.json), but we would love to avoid doing this if it can be added directly to this repo