mike-jumper commented on a change in pull request #616:
URL: https://github.com/apache/guacamole-client/pull/616#discussion_r644451733
##########
File path: guacamole/src/main/frontend/package.json
##########
@@ -0,0 +1,35 @@
+{
+ "private": true,
+ "scripts": {
+ "build": "webpack --progress"
+ },
+ "dependencies": {
+ "@simonwep/pickr": "1.8.1",
+ "angular": "1.8.2",
+ "angular-route": "1.8.2",
+ "angular-templatecache-webpack-plugin": "^1.0.1",
Review comment:
Reading up on this a bit, it seems the best approach is to use `^`
except where there's a specific reason not to:
* It's the default for npm and therefore the least surprising to anyone
already well-steeped in that ecosystem.
* It avoids duplicating the duty of `package-lock.json`, which we are
including in version control here following the _other_ established best
practice for npm.
I definitely prefer the Maven approach of absolute reproducibility by
default (with the Maven equivalent to `^` and `~` being considered bad practice
and almost never used), but we're stuck with the npm approach here.
I'll update to 🥕s everywhere.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
