I noticed we pin packages using the npm caret ranges, which allow packages to be updated to the latest y-version, i.e. 1.2.3 can be updated to 1.3.0. We have seen a few issues related to pulling in new y-versions. These include broken tests, dev environments, etc…
I am wondering if we should move many of our packages to npm tilde ranges and specifically update them when needed. This means they won’t update y-version, but will update z-version. i.e. 1.2.3 will update to 1.2.4, but not 1.3.0.
I know in Foreman’s Gemfile we use a variety of ranges per gem depending on what we need. I wonder if we should also be more specific for npm packages?
I don’t know if there are historical reasons to use the caret ranges so apologies if I am missing something. I can see the downside of this approach being that we have to manually monitor and update packages to y-versions, but the upside is we would see less unintended breakages.
Curious to hear everyone’s thoughts.