nolanlawson / node-websql

The WebSQL Database API, implemented for Node.js
Apache License 2.0

update sqlite3 version to fix install problem #54

Closed chicunic closed 2 years ago

chicunic commented 2 years ago

Sqlite3 updated to v5.0.3 to fix an installation problem when Python 2 is not installed. Use Python 3 instead.

https://github.com/TryGhost/node-sqlite3/commit/573784b60dfbca8d3da6b110f11689b78b1450db

nolanlawson commented 2 years ago

Hi, thanks for reporting. You don't actually need an update from this package. If you delete your yarn.lock / package-lock.json file and re-run yarn install / npm install then you will get the latest version of sqlite3. The reason is that this package is already using the ^ pattern: ^5.0.2.

I don't see a need to update this repo and release a new version, but please let me know if I missed something. Thanks!

chicunic commented 2 years ago

Since yarn.lock already existed in this repo, it will install 5.0.2.

brettz9 commented 2 years ago

Lock files only take effect if you are debugging that repository. If you have node-websql as a dependency, you can control the version it uses for your dev users, though indeed you cannot force an update for regular consumers of your project.

So to fix it for all of your consumers (besides those who fix it themselves with a wholly fresh install), you would have to wait for this project to be updated.
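The resolution behaviour discussed in the comments above, as an added example that is not part of the thread or of node-websql's code: a simplified model of how a caret range such as ^5.0.2 resolves with and without a lock-file pin. It handles plain x.y.z versions only; the registry listing and the function names are constructed for illustration.

```javascript
// Simplified model of caret-range resolution with and without a lock file.
// Plain x.y.z versions only (no pre-release tags); all data below is constructed.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// ^x.y.z allows changes that do not modify the left-most non-zero component.
function satisfiesCaret(version, range) {
  const base = range.replace(/^\^/, '');
  const [M, m, p] = parse(base);
  let upper;
  if (M > 0) upper = `${M + 1}.0.0`;
  else if (m > 0) upper = `0.${m + 1}.0`;
  else upper = `0.0.${p + 1}`;
  return compare(version, base) >= 0 && compare(version, upper) < 0;
}

// lock: version pinned by the lock file of the project being installed, or null.
function resolve(range, published, lock) {
  // An existing pin wins as long as it still satisfies the declared range.
  if (lock && satisfiesCaret(lock, range)) return lock;
  const ok = published.filter(v => satisfiesCaret(v, range)).sort(compare);
  if (ok.length === 0) throw new Error(`no version satisfies ${range}`);
  return ok[ok.length - 1]; // otherwise take the newest match
}

const published = ['5.0.0', '5.0.2', '5.0.3', '6.0.0']; // constructed registry listing
const range = '^5.0.2';                                 // range named in the thread

// Working inside the repository itself: its own yarn.lock pins 5.0.2.
console.log('repo checkout:  ', resolve(range, published, '5.0.2'));
// Consumer doing a fresh install with no lock entry: the library's
// lock file is not consulted, so the newest match in the range is chosen.
console.log('fresh consumer: ', resolve(range, published, null));
```

A consumer whose own lock file already recorded 5.0.2 behaves like the first call until that lock entry is refreshed.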

chicunic commented 2 years ago

I see. Thanks very much for your kind reply.

nolanlawson commented 2 years ago

> So to fix it for all of your consumers (besides those who fix it themselves with a wholly fresh install), you would have to wait for this project to be updated.

Even if I merge this PR and release a new version of node-websql, my consumers would have to update their dep version and release a new version in order for their consumers to get the new version. And then their consumers would still need to run npm upgrade / yarn upgrade.

If there is a deep transitive dependency that is out-of-date, and everyone in the dep chain is using ^, then I don't see why every single dependency in the chain needs to update and release a new version. But maybe I'm missing something here.

brettz9 commented 2 years ago

None of them "need" to update. It's just convenient when they do, as certain projects do update frequently and check for updates frequently, in the hope that their users can have a uniformly pitfall-free experience (especially for those on slower connections who might not be so readily inclined to do fresh installs if they can avoid it). But for practical reasons (i.e., not everyone has the time or inclination to do so, and we're getting these great open source packages for free), instructing users to run rm -Rf node_modules or npm clean-install works.