-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: add undeclared dependency lodash
#43
fix: add undeclared dependency lodash
#43
Conversation
Can we get this merged? This is breaking some of our builds where we rely on "strictness" i.e. all packages requiring their dependencies to be declared. Thanks so much! |
@alexiscordova think you can take a look? Thanks! |
Yarn v3 ships with this fix builtin, if you're on v2 you can use https://yarnpkg.com/configuration/yarnrc#packageExtensions, and if you're using pnpm you can use https://pnpm.io/package_json#pnpmpackageextensions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small change and I can get this in. Thank you!
package.json
Outdated
@@ -19,7 +19,8 @@ | |||
"lint": "standard" | |||
}, | |||
"dependencies": { | |||
"invariant": "2.2.4" | |||
"invariant": "2.2.4", | |||
"lodash": "^4.17.21" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you can remove the ^
character, this should be good to go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@merceyz 👆
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't get why you want that but sure
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Internally we use specific version numbers for security purposes. It's something we're hoping to change in the future once we can convince the right teams, but for the time being this is the approach we have to take. Thanks for making this change!
Are we going to be able to get this merged now? This and the other one salesforce-ux/query-ast#25 too. Thanks! |
@alexiscordova - can you follow-up on this? |
@iclanton I don't work for Salesforce anymore, but @Dottenpixel might be able to help |
Thanks for your contribution @merceyz! We'll look to publish a new NPM package version asap. |
No rush on my end, Yarn has been shipping this fix for a while. |
What's the problem this PR addresses?
scss-parser
depends onlodash
but doesn't declare it as a dependencyHow did you fix it?
Added
lodash
as a dependency