Bump aws-sdk from 2.127.0 to 2.134.0 #144
Conversation
![dependabot-preview[bot]](https://avatars.githubusercontent.com/in/2141?s=60&v=4){kind=small}
Bumps [aws-sdk](https://github.com/aws/aws-sdk-js) from 2.127.0 to 2.134.0. - [Release notes](https://github.com/aws/aws-sdk-js/releases) - [Changelog](https://github.com/aws/aws-sdk-js/blob/master/CHANGELOG.md) - [Commits](aws/aws-sdk-js@v2.127.0...v2.134.0)
|
@dependabot - My yarn.lock contains two versions of aws-sdk. One which is a direct dependency, one which is a dependency of a dependency. You've just upgraded the direct dependency, even though the dependency of the dependency can also be upgraded. This is the default behaviour of |
|
Interesting, thanks for the feedback - we’ll have a think. Are there any cases where you wouldn’t want that behaviour? (I think you have to @dependabot on any reply - I’ll change that, but for now it’s the case.) |
|
@dependabot I'm not sure. I assumed yarn would work that way by default, but because it doesn't, perhaps there are subtleties I'm missing. If the sub-dependency is specified in a way that means it's compatible with the newer version, and the tests pass, I see no reason not to include that change. I can envisage having different versions all over the place causing more problems than the risk of upgrading dependencies (e.g. incompatible objects being passed around, multiple singletons, hard-to-track down bugs, etc). See here for more discussion: yarnpkg/yarn#2394 |
|
Superseded by #145. |
Bumps aws-sdk from 2.127.0 to 2.134.0.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase?.If you'd like to skip this version, you can just close this PR. If you have any feedback just mention @dependabot in the comments below.