Open ccll opened 9 years ago
+1
My coworker and I were talking about this today, re: the best way to add a new dependency to a project. We both agreed that we tend to rm Goopfile.lock; goop install
after adding the new dependency to the Goopfile
. The problem with that is that we may inadvertently take an update we don't want for another dependency.
Is this the preferred workflow? I suspect if it is then people must lock every other dependency to a sha or tag in order to prevent unwanted changes coming down.
goop
is so GREAT and I love it! Used it alot since I found it, thanks a lot for the tool.But I have a minor problem recurring in my development process, in the process I often need to add new dependencies to the project, but I have problems installing ONLY the new dependencies without touching others. The first thing I tried was adding an entry in the Goopfile then
goop install
, butgoop install
just ignore the changed Goopfile and picked-up the content of Goopfile.lock. Then I triedgoop update
, it do install the new dependencies, but as the help text indicates it also update all dependencies to latest version, I'd rather not to do it this way as it may compromise the stability of my project. Then I tried adding entries directly in Goopfile.lock thengoop install
, but this does not add entries of 'dependencies of dependencies' to the Goopfile.lock, thus leaving unlocked versions flying around.So what should I do in this situation? I think my use case is a very general one, so maybe there is already a way to do it and I missed it.