Use strict dependencies among packages

[willemneal]

Currently if I want to depend strictly on a version of @as-pect/cli, the newer versions of other @as-pect packages will be installed to current minor version.

example,

"@as-pec/cli" : "3.0.0-beta.2",

but then the @as-pect/core installed has 3.1.3.

Since we are using as-pect in examples that run in gitpod, we want to be able to lockdown the versions of dependencies. Is there a way to do this with lerna? It would be enough to just use the ~, e.g. ~3.0.0, so that only the patch range is acceptable to upgrade to.

[willemneal]

We're using yarn, and I just discovered that we can use yarn install --freeze-lockfile, which should produce the same results for demos. So now it's rather a discussion on whether the deps should be tighter.

[jtenner]

I'm sorry. I don't understand any of this.

[willemneal]

In npm dependencies are:

• exact: 0.0.0, meaning that any new versions are ignored
• patch level: ~0.0.0, meaning that only versions greater than 0.0.0 and less than 0.1.0 are acceptable
• minor level (this is the default): ^0.0.0, which 0.0.0 < v < 1.0.0

And currently if I were to try to pin to an exact version of @as-pect/cil it would till pick up the newer versions the @as-pect dependencies.

[jtenner]

Ahh. I see. Well I would imagine that as-pect would have to strictly depend on exact package versions for compatibility reasons. The other thought I had is that everyone should always just be using the latest version of as-pect and asc anyway. However, I know this doesn't work practically.

Perhaps it would be wise to see what happens when the package.json files are modified to use exact versions?

[jtenner]

Is this still an issue?

[jtenner]

@willemneal is this still a problem?