Mismatched dependency versions #5943
Comments
Do you want to create a PR for this @NewEraCracker? :)
I created a PR for the
There is another one that should be urgently looked at by the maintainers: This is a new version; it is important to update: https://github.com/pillarjs/encodeurl/releases/tag/v2.0.0 Express is on latest, but Edit: This also affects The workaround for now is (and it may not be possible for everyone if other dependencies use a completely different version):
My two cents.
For the serve static and send part: #5951
For qs: #5946 We are already on I think that means we can close this?
Oh! https://github.com/expressjs/serve-static/blob/1.x/package.json#L9C6-L9C15 Sorry, I should have seen this. I just bumped that lib with only the send update, I guess we will do another patch.
And finalhandler: pillarjs/finalhandler#62 and the PR into express: #5954
Is there a reason that Express pins dependencies like this? I could maybe see the argument to pin third-party packages (though I'd say this is far more uncommon than not in the JS ecosystem), but it's not clear to me why dependencies from the
We are removing these pins in v5. This is historical from when the ecosystem was MUCH more volatile and the entire project was primarily maintained by one person. It made more sense then, it makes less sense now. EDIT: You can see we use
Prepping this release: https://github.com/expressjs/express/compare/4.20.0..4.x
send@0.19.0 depends on: I'll continue forcing it on my overrides to work around:
I propose:
Please see:
ec4a01b#commitcomment-146499333
4c9ddc1#commitcomment-146501448
So, bump where applicable the following two packages:
My two cents.
Related: