Open igorescobar opened 1 year ago
The PR didn't update the package-lock file. Fixed it on main now and released 2.0.7.
Constantly updating the peerDependency sucks, but not declaring a dependency and just injecting it sucks as well since it can lead to runtime failures. Not sure what a good way to handle this is. Do you have any suggestions @igorescobar ?
Hey @jwagner! Sorry about that and thanks for fixing it and releasing it. Yeah, sharp releases minor versions quite often and it must be hard to keep track of it.
If I were you... I would probably be more permissive with the version matching since it's very unlikely that with new minor releases smartcrop would break, try something like:
    "peerDependencies": {
      "sharp": ">=0.30.0 < 1"
    },
Any version after 0.30 but lower than v1. This would safeguard it for future updates without being super strict I guess 👍
Meanwhile, what I did to work around it was adding this to my package.json:
    "overrides": {
      "smartcrop-sharp": {
        "sharp": "$sharp"
      }
    },
Might actually also be worth asking Lovell why sharp is still at a major of zero after all this time and what his interpretation of semver is. It could be that he doesn't interpret it as
initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
I guess another option would be to just set up a recurring action that updates and releases if the tests pass. Need to think about it a bit.
Making sure we can still install it with more recent versions of sharp.
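The effect of the range suggested in the thread, as an added example that is not part of the original discussion or of smartcrop-sharp: a minimal evaluator for `>=`, `<` and caret comparators on plain x.y.z versions, run over a constructed version list. The `^0.30.0` range is included only for comparison (the thread does not say what range the package declared); it shows that npm pins a caret range on a 0.x version to a single minor, while the suggested range also admits later 0.x minors that have not been tested against.

```javascript
// Added example: a small stand-in for node-semver's satisfies().
// Supports only ">=", "<" and "^" on numeric x.y.z versions (no prerelease tags).
function parse(v) {
  const parts = v.split('.').map(Number);
  while (parts.length < 3) parts.push(0);        // "1" -> [1, 0, 0]
  if (parts.some(Number.isNaN)) throw new Error('unsupported version: ' + v);
  return parts;
}

function compare(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Expand ^x.y.z the way npm does: the leftmost non-zero component is fixed.
function expandCaret(v) {
  const [maj, min, pat] = parse(v);
  const upper = maj > 0 ? `${maj + 1}.0.0`
    : min > 0 ? `0.${min + 1}.0`
    : `0.0.${pat + 1}`;
  return `>=${maj}.${min}.${pat} <${upper}`;
}

function satisfies(version, range) {
  const normalized = range
    .replace(/\^(\S+)/g, (_, v) => expandCaret(v))
    .replace(/(>=|<)\s+/g, '$1');                // "< 1" -> "<1"
  return normalized.trim().split(/\s+/).every((c) => {
    const m = /^(>=|<)(\d+(?:\.\d+){0,2})$/.exec(c);
    if (!m) throw new Error('unsupported comparator: ' + c);
    const d = compare(version, m[2]);
    return m[1] === '>=' ? d >= 0 : d < 0;
  });
}

// Constructed version list, not sharp's actual release history.
const candidates = ['0.29.3', '0.30.0', '0.30.7', '0.31.0', '0.33.2', '1.0.0'];

function accepted(range) {
  return candidates.filter((v) => satisfies(v, range));
}

console.log('>=0.30.0 < 1 ->', accepted('>=0.30.0 < 1').join(', '));
console.log('^0.30.0      ->', accepted('^0.30.0').join(', '));
```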