piranna
commented
4 years ago If projects follow a correct semver, dependencies will always get the latest patch version, and minors would just only add new features without backward compatible problems, so the only ones we should worry about in an automated process are dependencies major versions. In that case, according to https://github.com/semver/semver/issues/148#issuecomment-22027617 we should only upgrade patch version if we needed to do some changes in the code to use that new version, if not then version gets untouched. We should check versions semver and maybe change their range to a more permisive ones to use latest version, in that case since it's a change then it would need to be published.
Check the dependencies with node check updates package and publish a new version. It needs to get investigated if they should be always published as a patch or use a more intelligent strategy, like increase minor for deps majors, patch for deps minors and nothing for deps patches.