Up-to-date dependencies

Open serl opened this issue 7 years ago • 5 comments

The dependencies quickly became outdated.

I propose not to list any dependency explicitly in the package.json file and to instruct people to run something like npm install --save body-parser express node-telegram-bot-api to get the latest versions directly. (Or maybe future updates will break everything? What do you think?)

Cheers! (and thanks for this little starter, very useful!)

serl avatar Jul 02 '17 15:07 serl

Hello, @serl.

Well, this is a reasonable idea, but I would like to have all dependencies in one place.

In fact, I want it to use yarn - we can discuss it with you. I want to rely on the latest versions.

However, it requires some housekeeping. At least I need to write down some tests for this and check whether it works every time a new version of a dependency is released.

I would really like to move to the latest packages. This way I would like to know whether something breaks. I know that people will open issues, but I need to google for a tool which may automatically check dependencies. Do you know any?

Let's discuss it here and I will also think about it in the meantime to plan it for the next release.

Thank you for your help and great ideas. Have a good day!

volodymyrlut avatar Feb 02 '18 13:02 volodymyrlut

I'm not (yet :D) an expert, but I don't really see how yarn could resolve the issue (looks like it's reading package.json as npm does, right?).

Anyway, to have the latest versions I see only these options:

  • Put * as version in package.json - but it could be annoying for users, they would always have latest versions, while they would prefer having ^version to prevent random incompatibilities on re-deploy.
  • Let the users install the dependencies by hand and save them in package.json, as I said in my first message - but if breaking changes arrive, they are not going to know which versions of the dependencies were supposed to work, and that's not nice. Also, as you said, you'll know after the fact.
  • Have something like a Jenkins job periodically checking the latest versions, updating package.json and running tests. Everyone is happy, but there's some work to do, and maybe it's overly complicated..?

serl avatar Feb 11 '18 14:02 serl
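
The difference between the `*` and `^version` specifiers in the options above, and the check a periodic update job would run first, as an added example that is not part of the thread or the project's code. The function names are hypothetical, the registry lookup is replaced by a constructed table, and only `*`, `latest`, `^x.y.z` and exact `x.y.z` specifiers are handled.

```javascript
// Added illustration; every version number below is a constructed sample.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null; // [major, minor, patch] or null
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Exclusive upper bound of ^x.y.z: bump the leftmost non-zero component,
// so ^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// Status of one dependency, given the newest published version.
function classify(spec, latest) {
  if (spec === '*' || spec === 'latest') return 'floating'; // first option
  const newest = parseVersion(latest);
  const caret = spec.startsWith('^');
  const base = parseVersion(caret ? spec.slice(1) : spec);
  if (!newest || !base) return 'unsupported'; // other range syntax: not handled
  if (!caret) return compare(newest, base) === 0 ? 'pinned-current' : 'needs-bump';
  const inRange = compare(newest, base) >= 0 &&
                  compare(newest, caretUpperBound(base)) < 0;
  return inRange ? 'in-range' : 'needs-bump';
}

// Report for a whole manifest; `latestVersions` stands in for a registry lookup.
function audit(manifest, latestVersions) {
  const report = {};
  for (const [name, spec] of Object.entries(manifest.dependencies || {})) {
    report[name] = classify(spec, latestVersions[name] || '');
  }
  return report;
}

const sampleManifest = { dependencies: {
  'body-parser': '^1.17.2',
  'express': '*',
  'node-telegram-bot-api': '^0.27.1',
} };
const sampleLatest = {
  'body-parser': '1.18.2', 'express': '4.16.2', 'node-telegram-bot-api': '0.30.0',
};
console.log(audit(sampleManifest, sampleLatest));
```

A `floating` entry changes on every install without any edit to package.json, an `in-range` entry can change on re-deploy when no lockfile pins it, and a `needs-bump` entry is where a scheduled job would have to edit package.json and run the tests.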

@serl using yarn is not related to keeping latest versions. You are right - it's relying on package.json. I just find it more secure. Let's close this question for now.

About packages. I really don't like first two ideas - but the third one seems pretty awesome.

It's complicated - but good code needs tests anyway - so I will add them in the next version definitely. Running a Jenkins job to update dependencies then seems pretty ok and I can use it for some other projects I am developing. Will consider doing this. If you want to help me - drop a line here to coordinate. Thank you very much!

volodymyrlut avatar Feb 12 '18 12:02 volodymyrlut

I'd like to, but honestly this would be my first Jenkins "thing"... but also a good excuse to start playing with it, so why not!

serl avatar Feb 14 '18 12:02 serl

Ok, @serl, let's coordinate using telegram on this. Can you drop me a line there? My username is @volodymyrlut

volodymyrlut avatar Feb 14 '18 15:02 volodymyrlut