fix: mime-db@1.53.0

[wesleytodd]

Updates mime-db which included an update to .js mapping to the correctly specified text/javascript mime type. This broke a test and is likely to be generally disruptive, but I believe that this should be considered non-breaking from a semver perspective since it is to spec. Please tell me why I am wrong before we release this 🤣.

EDIT: Copying this comment here so folks understand that I am both saying this from my opinion as well as precidence for this package's history.

https://github.com/jshttp/mime-types/issues/110#issuecomment-1848576753

Yes, this pins so there are two decision points. The semver is tricky bc typically in both packages, the data is has not been considered in the semver, as the way in which data changes in fluid with standards and browsers and there can be a lot of changes. Usually only the javascript api of the module has been considered in whay type of semver bump it would be.

And note: I removed the pin with this commit. That is up for debate, but I do believe that unless we can get more maintainers around to help with this stuff we plan to optimize for our ability to more quickly ship change in the future, including loosening version ranges like this.

Second edit: I will fix the CI error which is likely because npm that long ago didn't support ^ ranges, but I dont want to waste time until we get good agreement on switching to a range in the first place.

[blakeembrey]

I think that’s correct and we should document the expectation in the readme so people can pin. Anything else is a huge pain to maintain.

Long sidebar:

I have the same issue with pluralize and I just stopped cutting releases until I can rewrite it into a data package + API package so that the data package can bump patches any time and be pinned independent of the data package. We might want to consider a model like that in a future release, so mime-db releases freely and mime-types can just import any version.

[wesleytodd]

@blakeembrey, as discussed in slack I updated the readme to reflect the approach we are taking. Let me know if that is good enough or if you think we need to say more.

[wesleytodd]

We might want to consider a model like that in a future release

I guess I should have addressed this as well. I think I agree with this but it might put more burden on end users. Going this route would be a breaking change, so we can probably just discuss it out of band of this right?

[blakeembrey]

Going this route would be a breaking change, so we can probably just discuss it out of band of this right?

Absolutely, by future release I meant future major version.

[wesleytodd]

Pending this: https://github.com/jshttp/mime-db/issues/331

I am considering pushing forward with this despite this objection. Since folks are not standing up to share other opinions, I am not sure anything presented has changed my opinion. I think that folks who want a different experience should either fork or pin.

That said, we have an opportunity here as we prepare for express v5 to do this one as a major which I think we should take to avoid larger disruption than necessary. If no one objects to that I will re-target this to the next major and work on releasing that.

[socket-security[bot]]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/mime-db@1.53.0	None	0	219 kB	wesleytodd

🚮 Removed packages: npm/mime-db@1.52.0)

View full report↗︎