tajo / ladle

🥄 Develop, test and document your React story components faster.
https://www.ladle.dev
MIT License

Allow more flexibility in dependency version ranges #445

Closed wojtekmaj closed 1 year ago

wojtekmaj commented 1 year ago

Is your feature request related to a problem? Please describe.

There are several dependencies that are locked at very specific version numbers, for reasons I may not be knowledgeable enough to understand. This distrust in semver is often justified, but I'd like to ask you to reconsider more flexible dependency version ranges. For example, vite is locked at 4.2.something (can't be bothered to check on mobile) and therefore a security update to vite can't be automatically applied, and using @ladle/react at the moment causes security alerts to trigger on GitHub and other platforms.

Describe the solution you'd like

^x.y.z :D

Describe alternatives you've considered

Yarn resolutions makes it possible to work around the issue, but it's messy and fixes the problem only in one place at a time.
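The difference between an exact pin and a `^x.y.z` range, as an added example that is not part of the original issue or the ladle code base: the check below reports whether a declared range can pick up a fixed release without a manifest change. The package names and version numbers are constructed, the helper names are hypothetical, and only plain `x.y.z` and `^x.y.z` forms (npm caret semantics, no prerelease tags) are handled.

```javascript
// Added example: constructed data, hypothetical helper names.
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};

const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
};

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
const caretCeiling = ([maj, min, pat]) => {
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
};

// True when `range` (exact "x.y.z" or caret "^x.y.z") admits `version`.
function admits(range, version) {
  const v = parse(version);
  if (range.startsWith("^")) {
    const floor = parse(range.slice(1));
    return cmp(v, floor) >= 0 && cmp(v, caretCeiling(floor)) < 0;
  }
  return cmp(v, parse(range)) === 0;
}

// For each dependency with a known fixed release, report whether the
// declared range lets a consumer receive the fix without overrides.
function auditPins(dependencies, fixedIn) {
  return Object.entries(fixedIn)
    .filter(([name]) => name in dependencies)
    .map(([name, fixed]) => {
      const range = dependencies[name];
      const pinned = !range.startsWith("^");
      return { name, range, fixed, pinned, picksUpFix: admits(range, fixed) };
    });
}

// Constructed sample manifest and constructed "fixed in" versions.
const sampleDeps = { "pkg-a": "4.2.1", "pkg-b": "^4.2.1", "pkg-c": "^0.3.1" };
const sampleFixes = { "pkg-a": "4.2.3", "pkg-b": "4.2.3", "pkg-c": "0.4.0" };
console.log(auditPins(sampleDeps, sampleFixes));
```

A caret range on a `0.x` dependency behaves almost like a pin for minor releases, which is why `pkg-c` is reported as unable to pick up its fix even though it is not exactly pinned.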

tajo commented 1 year ago

Yea, vite can be unpinned (there is a PR). There are some issues with vite-tsconfig-paths and mdx packages. I have to double check the swc plugin, but that should probably be unpinned too now.

wojtekmaj commented 1 year ago

There's no PR for unpinning vite, there's a PR for updating 🤔

tajo commented 1 year ago

Vite is unpinned, other pins are necessary.