Closed lukeed closed 3 years ago
Realistically, postcss
should be a peerDependency
anyway.
This is a common problem throughout the PostCSS plugin ecosystem.
Now that postcss is a peer dependency, this throws a warning; with npm 7, it becomes a hard stop. Making the peer dependency on postcss ^8.1.2
would help immensely.
No. This is still an issue: https://github.com/postcss/postcss-url/blob/18ecf75d2efc8fd499082ca35917192a04aff119/package.json#L26-L29
With #156 this is now much improved as it uses the ~
operator :)
Improved but not solved. You should still be trusting dependencies' ability to respect semver & only introduce breaking changes in new major versions.
The changes here collect all patch updates, but still require that you/the maintainers here manually update the minor versions (even if new the features aren't used). Otherwise, this package will still be pulling in old & outdated versions of packages during npm install
when the rest of the toolchain is pulling in latest copies... and this is what the issue was about.
Closing as it's an improvement.
@lukeed Note I’m not the maintainer - I just made that PR to get easier access to mine’s patch releases. Ultimately it’s up to @sergcen to decide what he wants to do.
Right :) "you" as in if you're willing to keep opening PRs haha
All dependencies are pinned to exact versions - including
postcss
This means that anyone using
postcss
+postcss-url
today will have 2+ copies of PostCSS active in their toolchain.