Great video. There is also the "updtr" CLI tool that updates each outdated dependency one by one and runs "npm test" to control each dependency update.
Really useful stuff. TypeScript went from 3.2.2 -> 3.3.3333; does that mean they fixed 3331 bugs? :D Just kidding, but I still wonder why they chose to increment by such a large number...
This is a little confusing. Semantic Versioning states that a change in the major version indicates a breaking change. But then you state that the minor change of type-graphql indicates a breaking change. Is that because the major version number is less than 1? It seems bad that the rules are different for a package with a major version of 0!
Some people don't follow Semantic Versioning, and some try to but fail to do it properly. It sucks, but it is what it is. This is why you should always check the notes for breaking changes. There's no real standard, but Semantic Versioning seems to be the most accepted and used. Some devs might reserve big v#.0.0 releases for big changes or redesigns because it sounds fancy or for marketing reasons. "React 2.0 is out!" gets some attention, as if it's an all-new "React 2".
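Added example (not code from the video or from the commenters above): a small JavaScript check that classifies a version bump the way npm's caret (^) ranges treat it, which is why a minor bump of a 0.x package counts as breaking while TypeScript's 3.2.2 -> 3.3.3333 is only a minor bump. Every version number in the code other than that TypeScript pair is a constructed sample.

```javascript
// Parse a SemVer core version (MAJOR.MINOR.PATCH) with optional -prerelease/+build.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`not a SemVer version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], prerelease: m[4] || null };
}

// Exclusive upper bound that "^<version>" allows in npm: the leftmost
// non-zero component is frozen, everything to its right may change.
//   ^1.2.3 -> <2.0.0   ^0.2.3 -> <0.3.0   ^0.0.3 -> <0.0.4
function caretUpperBound(v) {
  const { major, minor, patch } = parseVersion(v);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

// Compare the numeric triples only (pre-release ordering is not modelled here).
function compareCore(a, b) {
  for (const k of ["major", "minor", "patch"]) {
    if (a[k] !== b[k]) return a[k] < b[k] ? -1 : 1;
  }
  return 0;
}

// Classify an upgrade as "none", "downgrade", "patch", "minor" or "breaking".
// "breaking" means the new version escapes the caret range of the old one,
// i.e. "npm update" would not have picked it up automatically.
function classifyBump(from, to) {
  const a = parseVersion(from);
  const b = parseVersion(to);
  const cmp = compareCore(a, b);
  if (cmp === 0 && a.prerelease === b.prerelease) return "none";
  if (cmp > 0) return "downgrade";
  // Pre-releases may change anything under SemVer; treat them conservatively.
  if (a.prerelease || b.prerelease) return "breaking";
  if (compareCore(b, parseVersion(caretUpperBound(from))) >= 0) return "breaking";
  if (a.major === 0) return "patch"; // inside ^0.y.z only the patch may move
  return a.minor !== b.minor ? "minor" : "patch";
}

// Constructed samples: 0.17.x stands in for any 0.x package, not a real changelog.
console.log(classifyBump("3.2.2", "3.3.3333")); // minor
console.log(classifyBump("0.17.0", "0.18.0"));  // breaking
console.log(classifyBump("0.0.3", "0.0.4"));    // breaking
```

The practical consequence is that a lock file pinning `^0.17.0` will never pull 0.18.0 on its own, so 0.x bumps always deserve a look at the release notes before you accept them.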
I am missing a bit of info on regular updates due to security vulnerabilities etc. and how best to deal with updating in case of version conflicts in required dependencies, peer dependencies, etc. Any thoughts on that?
Hey Ben, I tried to create a React project and found 86 vulnerabilities, 4 of them high (ReDoS), and npm audit fix couldn't fix any... What do you do in such a case?