meetup api #119
base: develop
- For #101
@@ -36,6 +37,7 @@ | |||
"google-oauth-jwt": "0.1.7", | |||
"googleapis": "0.8.0", | |||
"lodash": "2.4.1", | |||
"meetup-api": "^1.4.9", |
Looks good, but please always use pinned/fixed versions for reproducible builds.
I think that's a really bad approach, not to mention that it's ineffective. Almost all packages in the Node ecosystem use the semver approach. Even if we pin a dependency to a fixed version, its dependencies might not be fixed. Moreover, by using a fixed dependency we are saying no to security and performance patches for that package.
I feel very strongly that the alternative approach is worse and I have a lot of experience with this to back my claims. It leads to developers not being able to build the app or having different bugs that other developers don't see. It leads to blocked deployments due to breaking changes since the NodeJS ecosystem doesn't actually follow semver and introduces breaking changes in minor/patch releases.
It's good to upgrade dependencies and get perf/security fixes frequently, but it's best to choose when you want your project to break rather than having some rogue developer push something to NPM which brings down apps/builds across the world. Using pinned dependencies, you are in control of when your project breaks and you can do it when you have time to manage the breaking changes rather than right before a major deadline/release when random issues block everything.
Since we have already had these kinds of problems in this repo a couple of times, I would also suggest keeping them strict for reproducible builds.
* develop: update(docs): add missing parenthesis update nginx docs update docs add docs for letsencrypt SSL cert with nginx proxy
For #101
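The pinning check discussed in the review thread above can be automated in CI. This is an added example, not code from this repository or PR: a Node.js function that reports every direct dependency whose specifier is not an exact version. The names `classifySpec`, `findUnpinned` and `samplePkg` are hypothetical, and the sample reuses the four entries from the hunk, placed under `dependencies` as an assumption.

```javascript
// Added example (not project code): flag package.json specifiers that are
// not exact versions. All names here are hypothetical.

// MAJOR.MINOR.PATCH with optional prerelease and build metadata.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const SECTIONS = ["dependencies", "devDependencies", "optionalDependencies"];

// Classify one specifier string as written in package.json.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (EXACT.test(s)) return "exact";
  if (s.startsWith("^")) return "caret-range";
  if (s.startsWith("~")) return "tilde-range";
  // URLs, git remotes, file paths, "user/repo" shorthand, "npm:" aliases.
  if (/[:\/]/.test(s)) return "url-git-path-or-alias";
  // "", "*", "x", "1.x", "1.2.*" all accept more than one version.
  if (s === "" || s === "*" || /(^|\.)[xX*](\.|$)/.test(s)) return "wildcard";
  // Comparators (">=1.0.0"), partial versions ("1.4"), dist-tags ("latest").
  return "other-range-or-tag";
}

// Return one finding per dependency that is not pinned to an exact version.
function findUnpinned(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "exact") findings.push({ section, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample: the four entries visible in the PR hunk.
const samplePkg = {
  dependencies: {
    "google-oauth-jwt": "0.1.7",
    "googleapis": "0.8.0",
    "lodash": "2.4.1",
    "meetup-api": "^1.4.9",
  },
};

console.log(findUnpinned(samplePkg));
```

The function inspects direct dependencies only; fixing the versions of transitive dependencies needs a lockfile such as `npm-shrinkwrap.json` or `package-lock.json`.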