Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[pickers] Increase min moment peer dependency version #8046

Merged
merged 1 commit into from
Feb 27, 2023
Merged

[pickers] Increase min moment peer dependency version #8046

merged 1 commit into from
Feb 27, 2023

Conversation

oliviertassinari
Copy link
Member

@oliviertassinari oliviertassinari commented Feb 25, 2023
edited
Loading

@oliviertassinari oliviertassinari added breaking change component: pickers This is the name of the generic UI component, not the React module! security Pull requests that address a security vulnerability labels Feb 25, 2023
@mui-bot
Copy link

mui-bot commented Feb 25, 2023

Messages
📖 Netlify deploy preview: https://deploy-preview-8046--material-ui-x.netlify.app/

These are the results for the performance tests:

Test case Unit Min Max Median Mean σ
Filter 100k rows ms 623.6 1,017.3 627.7 785.88 150.744
Sort 100k rows ms 601 1,207 844.2 925.22 199.372
Select 100k rows ms 165.6 304.7 274.9 253.54 52.84
Deselect 100k rows ms 140.6 403.9 193.5 230.84 90.806

Generated by 🚫 dangerJS against 1b0faee

@LukasTy LukasTy changed the title [pickers] Increase min moment peer dependency version [pickers] Increase min moment peer dependency version Feb 27, 2023
LukasTy
LukasTy approved these changes Feb 27, 2023
View reviewed changes
Copy link
Member

@LukasTy LukasTy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍
Is it really a breaking change if we are bumping the peer dependency version a few patches up? 🤔
I mean that if we do back-port it to master and release in v5, what kind of a bump would you suggest? Minor? 🤔

@oliviertassinari oliviertassinari merged commit f1716c7 into mui:next Feb 27, 2023
@oliviertassinari oliviertassinari deleted the moment-security branch February 27, 2023 15:42
@oliviertassinari
Copy link
Member Author

oliviertassinari commented Feb 27, 2023
edited
Loading

Is it really a breaking change if we are bumping the peer dependency version a few patches up? 🤔
I mean that if we do back-port it to master and release in v5, what kind of a bump would you suggest? Minor? 🤔

@LukasTy I haven't tried but I think that it could break installations because of https://github.blog/2021-02-02-npm-7-is-now-generally-available/#peer-dependencies

Screenshot 2023-02-27 at 16 49 27

https://stackoverflow.com/questions/66239691/what-does-npm-install-legacy-peer-deps-do-exactly-when-is-it-recommended-wh

So I imagine that on v5, either developers use the latest version and it won't change much for them, or they use an older version and it will break. No real preference, I didn't work on master because it wasn't worth it, relative to my role vs. the other problems I can spend time on solving.

@LukasTy
Copy link
Member

LukasTy commented Feb 27, 2023

Yes, it could potentially be an issue, but that would require some interesting setup, where some package would have either a specific moment version or lower or equal (<=) to the one we need t bump to.
I do understand, that technically this is a breaking change and releasing under a minor/patch bump would not be strictly semver.
TL.DR.: Sure, we can avoid the change in v5. The potential risk might not be worth it, because end-users can update the used library version as they see fit. 👌

@oliviertassinari oliviertassinari mentioned this pull request Apr 9, 2023
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@LukasTy LukasTy LukasTy approved these changes

Assignees
No one assigned
Labels
breaking change component: pickers This is the name of the generic UI component, not the React module! security Pull requests that address a security vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@oliviertassinari @mui-bot @LukasTy