What's changed in 0.12.6

[sarveshbathija]

All I can see is version numbers being updated? This version break support for jquery v1. Thanks.

[Pictor13]

Mostly is about my commit.
It fixes the Travis-CI integration, that was preventing the new pull-requests to pass the tests and be merge-able.

I think your problem is with the 0.12.5, that breaks the support to jQuery 1.* with this commit, forcing the installation to "jquery": "^3.3.1".

Do you have specific problems in using a more recent version of jQuery?
Do you have other libraries/code that rely on jQuery 1.7.*?

[graingert]

The peerDep should still allow jQuery 1.7

[graingert]

I think your problem is with the 0.12.5, that breaks the support to jQuery 1.* with this commit, forcing the installation to "jquery": "^3.3.1".

0939f27#diff-b9cfc7f2cdf78a7f4b91a753d10865a2R39 is a devDep and won't have any effect on users downloading this app.

[graingert]

Here's a video showing how you're able to install jquery 1 and selectize together: https://asciinema.org/a/7HXAXN2AemPv7yueiAX2CQt0Y

[Pictor13]

EDIT: solved. Skip this post.

I tried:

• mkdir projectname && cd projectname
• npm init
• npm install [email protected]
• npm install selectize

I get

├── UNMET PEER DEPENDENCY [email protected]
└─┬ [email protected]
├── [email protected]
...
npm WARN [email protected] requires a peer of jquery@^1.7.0, ^2, ^3 but none was installed.

https://asciinema.org/a/Y9f6Dda3rE40YG6zgFrPtwssx

Not sure why am not getting your same result; I am not much an expert with package control systems.
However, I've read that peerDependencies are not installed anymore automatically. Could that be the problem?
If yes, I guess we want to maintain everything to work automatically without having to solve conflicts manually (since we anyway allow quite a wide range of versions for jQuery [almost all of them], so conflicts should practically not happen).

Again, I am learning more about it in these days, so I am not totally sure what I am talking about 😅, just trying to help.

[graingert]

@Pictor13 you forgot the --save

[graingert]

However, I've read that peerDependencies are not installed anymore automatically. Could that be the problem?

No that's not a problem

If yes, I guess we want to maintain everything to work automatically without having to solve conflicts manually (since we anyway allow quite a wide range of versions for jQuery [almost all of them], so conflicts should practically not happen).

I don't see any reliable reports of conflicts

[Pictor13]

@Pictor13 you forgot the --save

Check ✔︎

No that's not a problem

Ok, let's see if I understood.

We upgraded jQuery to fix the latest vulnerabilities.

1. This is a a new requirement (new default installed version)

• Am not sure about semver guidelines here; should we mark as breaking changes? Or maybe there's no need, because peerDependencies already allows the user to fix a specific dependency version? (and then a +1 to version patch is enough)

2. If an user needs to stick to an old jQuery version, then *he can do it (cause of peerDependencies) pointing it with npm install --save jquery@^1.7.3 in its own custom_project

• responsibility of tuning the package.json as needed is up to the user, if *he wants to stick to some old/buggy/vulnerable version. We press for the version with critical vulnerabilities fixed.
• otherwise, if not specified in the project, the user gets whatever version the package control resolves.

Right?

I was thinking if @sarveshbathija issue is because jQuery has been moved to devDependencies so doesn't get installed, while it actually is a runtime library and should stay in dependencies (as sifter and microplugin). I've made a pull-request about it (#1430); I think that makes sense (and hopefully solves his problem).

[graingert]

We've got no idea what @sarveshbathija's issue is because it's not been adequately described