Great video, there is also the "updtr" CLI tool that updates each outdated dependency one by one and runs an "npm test" to control each dependency update.
Thxs Dimitri! This tool is indeed really helpful. Gave it a quick try and it works like a charm 👍
I use npm-check -u for interactive updates
these pro-tip videos are really helpful
It helped me to avoid a lot of troubles I got before! thx u!
npm WARN deprecated core-js@2.6.11: core-js@
Amazing video bro, it helped me a lot. Even after spending 30 mins on the net I didn't get clarity like your video
Why not use yarn upgrade-interactive --latest, which also shows you if an update will be breaking or not?
I like that one too, but it behaves a little weird when using it inside a yarn workspace. But for regular projects it has worked great for me
@bawad It's actually worked quite well for me in work spaces, but work spaces are still relatively new and might need more development time.
Very useful! Thanks, Ben 👍👍👍
I am missing a bit of info on regular updates due to security vulnerabilities etc. and how best to deal with updating in case of version conflicts in required dependencies, peer dependencies etc. Any thoughts on that?
This is a little confusing. Semantic versioning states that a change in the major version indicates a breaking change. But then you state that the minor change of type-graphql indicates a breaking change. Is that because the major version number is less than 1? It seems bad that the rules are different for a package with a major version of 0!
Some people don't follow Semantic Versioning, some try to but fail doing it properly.
It sucks but it is what it is. This is why you should always check the notes for breaking changes. There's no real standard but Semantic Versioning seems to be the most accepted and used.
Some devs might reserve big v.#.0.0 for big changes or redesigns because it sounds fancy or marketing reasons. "React 2.0 is out!" gets some attention as if it's an all new "React 2".
Really useful stuff. Typescript went from 3.2.2 -> 3.3.3333 does that mean they fixed 3331 bugs? :D Just kidding but I still wonder why they chose to increment by such a large number...
Hey Ben, I tried to create a React project, I found 86 vulnerabilities, 4 of them are high ReDoS, and npm audit fix couldn't fix any... what do you do in such a case?
I wasn't allowed to download ncu onto my macbook bc it said "rejected by your operating system, likely you do not have permissions"
Ben Awad Habebi you are the best
I use the Version Lens VS Code extension to show me out-of-date dependencies
that looks sweet, I'm going to give it a try thanks!
yarn upgrade-interactive --latest
volume is a little low
noted, thanks