Versioning of dependent victory projects is uncoupled from main victory version

[jleider]

Bugs and Questions

Checklist

• This is not a victory-native specific issue. (Issues that only appear in victory-native should be opened here)

• I have read through the FAQ and Guides before asking a question

• I am using the latest version of Victory

• I've searched open issues to make sure I'm not opening a duplicate issue

The Problem

Including victory within package.json at a specific version is not sufficient to prevent newer versions of dependent libraries such as victory-area, victory-axis, etc from pulling newer versions due to the dependencies being listed in package.json with the ^ version modifier (https://github.com/FormidableLabs/victory/blob/main/packages/victory/package.json#L22-L47).

Can I suggest having a 1 for 1 mapping of dependency versions? That way if a user specifies [email protected] they will get all the dependent packages at 1.2.3. The only way to lock all these packages to a specific version currently is to list every dependency in your own package.json at the version specified.

Expected package.json

...
"victory": "35.2.0"
...

Required package.json to lock to a specific version

...
"victory": "35.2.0",
"victory-area": "35.2.0",
"victory-axis": "35.2.0",
"victory-bar": "35.2.0",
"victory-box-plot": "35.2.0",
"victory-brush-container": "35.2.0",
"victory-brush-line": "35.2.0",
"victory-candlestick": "35.2.0",
"victory-chart": "35.2.0",
"victory-core": "35.2.0",
"victory-create-container": "35.2.0",
"victory-cursor-container": "35.2.0",
"victory-errorbar": "35.2.0",
"victory-group": "35.2.0",
"victory-histogram": "35.2.0",
"victory-legend": "35.2.0",
"victory-line": "35.2.0",
"victory-pie": "35.2.0",
"victory-polar-axis": "35.2.0",
"victory-scatter": "35.2.0",
"victory-selection-container": "35.2.0",
"victory-shared-events": "35.2.0",
"victory-stack": "35.2.0",
"victory-tooltip": "35.2.0",
"victory-voronoi": "35.2.0",
"victory-voronoi-container": "35.2.0",
"victory-zoom-container": "35.2.0",
...

[boygirl]

We're using lerna to publish packages, and we are using locked mode. You can read about it here: https://github.com/lerna/lerna#fixedlocked-mode-default

for patch and minor version bumps, lerna publishes only the packages that have changes, so it's possible to end up in a situation where victory-bar is 35.2.2 and victory-core is 35.2.0. The resulting [email protected] package will use [email protected]. For major version bumps, all packages get bumped regardless of changes. In the vast majority of cases, this is the behavior you want, but when we create a regression in a non-major version it does cause a problem for folks who are importing from the main victory package rather than the individual packages.

I'll see if it's possible to cause just the main victory package to use exact versions since that package does get updated with every release.

[jleider]

That makes sense. If you cant lock the versions for the main victory package perhaps instead of using ^ you can use ~ so at least any floating versions will only float for their patch versions. That should hopefully reduce the possibility of regressions between minor versions while still maintaining the ability to release sub project patches independently.