Our dependency update process updated some Google packages, but that led to downgrades of some transitive dependencies. Some newer dependency versions seem to depend on pinned older versions of other libraries, which leads to downgrades in our repository.
Is this an intentional behavior? I see two possible solutions:
- Use caret-style versions to allow newer versions.
- Always update the versions once an update happens in this monorepo so everyone pulls the latest version.
Examples:
google-gax is forced to an older version of google-auth-library@10.5.0:

gcp-metadata is forced to an older version of gaxios@7.1.3:

google-auth-library is forced to an older version of gcp-metadata@8.1.2:

google-api-commons is forced to older versions of gaxios@7.1.3 and google-auth-library@10.5.0:

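An added example, not part of the original issue or of the project's code: a check that flags dependency ranges which reject a newer release and reports whether the caret-style option from the issue would accept it. The pinned versions are the ones named above; the "wanted" versions, the function names and the simplified `MAJOR.MINOR.PATCH` matching are assumptions made for illustration.

```javascript
// Simplified semver: plain MAJOR.MINOR.PATCH only (no prerelease/build tags).
const parse = (v) => {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
};
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
};
// True when `version` satisfies `range` (exact "1.2.3" or caret "^1.2.3").
function satisfies(version, range) {
  if (!range.startsWith("^")) return cmp(version, range) === 0;
  const base = range.slice(1);
  if (cmp(version, base) < 0) return false;
  const [b, v] = [parse(base), parse(version)];
  // A caret range keeps everything up to the left-most non-zero component fixed.
  const i = b[0] > 0 ? 0 : b[1] > 0 ? 1 : 2;
  return b.slice(0, i + 1).every((n, k) => n === v[k]);
}
// List each dependency whose declared range rejects the wanted version, and
// whether a caret range on the same base version would have accepted it.
function findForcedDowngrades(manifests, wanted) {
  const findings = [];
  for (const [pkg, manifest] of Object.entries(manifests)) {
    for (const [dep, range] of Object.entries(manifest.dependencies ?? {})) {
      const target = wanted[dep];
      if (!target || satisfies(target, range)) continue;
      const base = range.replace(/^\^/, "");
      findings.push({ pkg, dep, range, wanted: target,
        downgrade: cmp(base, target) < 0,
        caretWouldAllow: satisfies(target, `^${base}`) });
    }
  }
  return findings;
}
// Constructed input: the pins are the versions named in the issue; the
// "wanted" versions are made-up stand-ins for the newer releases in use.
const manifests = {
  "google-gax": { dependencies: { "google-auth-library": "10.5.0" } },
  "gcp-metadata": { dependencies: { gaxios: "7.1.3" } },
  "google-auth-library": { dependencies: { "gcp-metadata": "8.1.2" } },
};
const wanted = { "google-auth-library": "10.6.0", gaxios: "7.2.0", "gcp-metadata": "9.0.0" };
console.log(findForcedDowngrades(manifests, wanted));
```

The constructed `gcp-metadata` case shows the limit of the caret option: a caret range does not cross a major version, so that pin would still need a coordinated bump.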