kleydon / prisma-session-store

Express session store for Prisma
MIT License

Locking Prisma and Express-Session Versions #33

Closed kleydon closed 3 years ago

kleydon commented 3 years ago

Currently, the version of prisma and express-session is set to *; great for when Prisma was updating so frequently without breaking changes, but now potentially problematic - since Prisma and express-session have evolved (and probably will continue to evolve), such that past and future versions cannot easily be compatible with the same version of this library.

Should we simply choose a "floor" version for dependencies, and rely on semantic versioning to handle the ceiling? Are there alternate/better approaches to consider? If we did this: What should the floor be for Prisma and express-session?

kleydon commented 3 years ago

@wSedlacek: Currently, we've got:

  "peerDependencies": {
    "@prisma/client": "*",
    "express-session": "*"
  },

I'm considering changing this to:

  "peerDependencies": {
    "@prisma/client": "^2.16.1",
    "express-session": "^1.17.3"
  },

Do you foresee any issues with this, or anything more clever we could do to avoid future version mismatches?

wSedlacek commented 3 years ago

Using strictly ^2.16.1 and ^1.17.3 will mean that we need to release new versions every time that either of these packages performs any minor release. Maybe we should use >=2.16.1 and >=1.17.3 or something like that. If you want a ceiling and floor then you could use something like 2.16.1-2.x.

kleydon commented 3 years ago

Thanks. Going to start with >= checks, and revisit/revise, if/when it makes sense.
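
How the range forms raised in this thread (`*`, `^2.16.1`, `>=2.16.1` and the hyphen range) resolve against a few versions, as an added example that is not code from this repository or its maintainers. It is a simplified model of npm's range rules rather than the semver library, the sample versions are constructed, and the hyphen range is written with spaces around the hyphen, which npm requires.

```javascript
// Simplified model of npm range matching for the four forms in this thread.
// Not the node-semver library: no prerelease tags, no "||" or "~" support.
const parse = (v) => v.split('.').map((p) => (/^[xX*]$/.test(p) ? null : Number(p)));

// Compare two [major, minor, patch] triples: negative, zero, or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Exclusive ceiling of a caret range: bump the leftmost non-zero component.
function caretCeiling([maj, min, pat]) {
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

// Exclusive ceiling for the right side of a hyphen range ("2.x", "2.3", "2.3.4").
function partialCeiling(parts) {
  const [maj, min, pat] = [parts[0], parts[1] ?? null, parts[2] ?? null];
  if (min === null) return [maj + 1, 0, 0];
  if (pat === null) return [maj, min + 1, 0];
  return [maj, min, pat + 1]; // full version: same as an inclusive upper bound
}

// Turn a range string into { floor, ceiling }; a null ceiling means unbounded.
function bounds(range) {
  const r = range.trim();
  if (r === '*') return { floor: [0, 0, 0], ceiling: null };
  if (r.startsWith('^')) {
    const floor = parse(r.slice(1));
    return { floor, ceiling: caretCeiling(floor) };
  }
  if (r.startsWith('>=')) return { floor: parse(r.slice(2).trim()), ceiling: null };
  const hyphen = r.split(/\s+-\s+/); // spaces around the hyphen are required
  if (hyphen.length === 2) return { floor: parse(hyphen[0]), ceiling: partialCeiling(parse(hyphen[1])) };
  throw new Error(`unsupported range: ${range}`);
}

function satisfies(version, range) {
  const v = parse(version);
  const { floor, ceiling } = bounds(range);
  return cmp(v, floor) >= 0 && (ceiling === null || cmp(v, ceiling) < 0);
}

// Constructed sample versions, checked against each range form from the thread.
const SAMPLE_VERSIONS = ['2.15.0', '2.16.1', '2.30.3', '3.0.0', '4.8.1'];
const RANGES = ['*', '^2.16.1', '>=2.16.1', '2.16.1 - 2.x'];
const acceptedBy = (range) => SAMPLE_VERSIONS.filter((v) => satisfies(v, range));
for (const range of RANGES) console.log(range.padEnd(14), acceptedBy(range).join(', '));
```

The ranges without a ceiling (`*` and `>=2.16.1`) are the ones that also accept the 3.x and 4.x samples.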