Yarn supports selective version resolutions, which lets you define custom package versions or ranges inside your dependencies through the resolutions field in your package.json file. Normally, this would require manual edits in the yarn.lock file. See the Selective Versions Resolutions RFC for the full spec.

You may be depending on a package that is not updated frequently, which depends on another package that got an important upgrade. In this case, if the version range specified by your direct dependency does not cover the new sub-dependency version, you are stuck waiting for the author.

A sub-dependency of your project got an important security update and you don't want to wait for your direct dependency to issue a minimum version update.

You are relying on an unmaintained but working package and one of its dependencies got upgraded. You know the upgrade would not break things and you also don't want to fork the package you are relying on, just to update a minor dependency.

Your dependency defines a broad version range and your sub-dependency just got a problematic update so you want to pin it to an earlier version.

Add a resolutions field to your package.json.

PNPM seems to install exactly the version specified in package.json and doesn't seem to install the latest minor version. For example, in my package.json I have this dependency 'tanstack/react-query': '4.13.5' But while installing, pnpm gives this message tanstack/react-query 4.13.5 (4.29. But when using PNPM we -> always <- need to go into the package.json and add carets or even full version numbers after installing.