search

jonschlinkert / randomatic

Easily generate random strings like passwords, with simple options for specifying a length and for using patterns of numeric, alpha-numeric, alphabetical, special or custom characters. (the original "generate-password")
https://github.com/jonschlinkert
MIT License
183 stars 25 forks source link

Upgrade dependencies #9

Closed realityking closed 7 years ago

realityking commented 7 years ago

Trying to get some old dependencies out of my tree 🙂

jonschlinkert commented 7 years ago

Thanks, it's always good to upgrade, and I'm happy to take PRs to help with it, but it might not accomplish what you want. If it does reduce overall deps, it will probably only be by chance. When deps are upgraded, if they are majors I always bump the major on my lib as well, since it's the safest way to go and is idiomatic semver. Which means every lib that uses this lib will then need to upgrade again, ad infinitum, and you might end up with more libs or duplicates in your tree. It's a neverending vicious circle.

fwiw, multiple times recently I've had numerous libs start failing on travis because a dep didn't follow this practice.

realityking commented 7 years ago

That's fair enough.

Basically I'm trying to get micro match's dependencies updated before es128/anymatch#22 get attempted. It gets updated rarely enough that this is a great chance to purge some really old stuff from a very common dependency. But overall you're right - trying to keep your node dependencies deduplicated is a fools errand.