postcss / postcss-url

PostCSS plugin to rebase url(), inline or copy asset.
MIT License

Unlock dependencies #145

Closed lukeed closed 3 years ago

lukeed commented 4 years ago

All dependencies are pinned to exact versions - including postcss

This means that anyone using postcss + postcss-url today will have 2+ copies of PostCSS active in their toolchain.

lukeed commented 4 years ago

Realistically, postcss should be a peerDependency anyway.

This is a common problem throughout the PostCSS plugin ecosystem.

aredridel commented 3 years ago

Now that postcss is a peer dependency, this throws a warning; with npm 7, it becomes a hard stop. Making the peer dependency on postcss ^8.1.2 would help immensely.

sergcen commented 3 years ago

fixed in 10.1.0

lukeed commented 3 years ago

No. This is still an issue: https://github.com/postcss/postcss-url/blob/18ecf75d2efc8fd499082ca35917192a04aff119/package.json#L26-L29

realityking commented 3 years ago

With #156 this is now much improved as it uses the ~ operator :)

lukeed commented 3 years ago

Improved but not solved. You should still be trusting dependencies' ability to respect semver & only introduce breaking changes in new major versions.

The changes here collect all patch updates, but still require that you/the maintainers here manually update the minor versions (even if the new features aren't used). Otherwise, this package will still be pulling in old & outdated versions of packages during npm install when the rest of the toolchain is pulling in latest copies... and this is what the issue was about.

Closing as it's an improvement.

realityking commented 3 years ago

@lukeed Note I’m not the maintainer - I just made that PR to get easier access to mine’s patch releases. Ultimately it’s up to @sergcen to decide what he wants to do.

lukeed commented 3 years ago

Right :) "you" as in if you're willing to keep opening PRs haha
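
The difference discussed in this thread between exact pins, `~` ranges and `^` ranges, as an added example that is not part of the thread or of postcss-url's code: a minimal range matcher (plain x.y.z versions only) and a check of whether a plugin's declared range lets it share the copy the rest of the toolchain resolved. The version numbers and the `canShare` helper are constructed for illustration.

```javascript
// Added illustration: minimal matcher for exact, ~ and ^ ranges (npm semantics
// for plain x.y.z versions only; no prereleases, no compound ranges).
const parse = (v) => v.split('.').map(Number);

function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound for a range operator and its base version.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  // Caret: the leftmost non-zero component may not change.
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(version, range) {
  const op = /^[~^]/.test(range) ? range[0] : '';
  const base = parse(op ? range.slice(1) : range);
  const v = parse(version);
  if (!op) return cmp(v, base) === 0;
  return cmp(v, base) >= 0 && cmp(v, upperBound(op, base)) < 0;
}

// True when the copy the rest of the toolchain already resolved also
// satisfies the plugin's range, so one shared copy can be installed.
function canShare(pluginRange, toolchainVersion) {
  return satisfies(toolchainVersion, pluginRange);
}

// Constructed sample: the toolchain resolved 2.6.1 of a hypothetical dependency.
const toolchain = '2.6.1';
for (const range of ['2.4.0', '~2.4.0', '^2.4.0']) {
  const result = canShare(range, toolchain) ? 'shared copy' : 'second, older copy';
  console.log(range.padEnd(8), result);
}
```

Only the caret range accepts the newer minor release; the exact pin and the tilde range both leave an older second copy in the install tree, which then has to be tracked and patched separately.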