On 9/4/19 9:14 PM, Thomas De Schampheleire wrote:
The recommendation is thus to commit this file to the repository, but I assume it also means we should keep it up-to-date frequently for bugfixes.
We already lock package.json at specific versions, so I guess we just as well also could pin all dependencies.
Alternatively, we could leave package.json with more open ranges, similar to how we handle pip dependencies.
But let's just keep it simple, commit the lock, and specify which version we use and test.
/Mads _______________________________________________ kallithea-general mailing list kallithea-general@sfconservancy.org https://lists.sfconservancy.org/mailman/listinfo/kallithea-general
