Package dependencies don't use semver & can cause double-bundling

[berickson1]

Describe the bug
In package.json, the listed package dependencies use a fixed versions. This causes double-bundling of modules in our client.
See:

js-sdk-common/package.json

Line 77 in e4d1332

"uuid": "3.3.2"

Since launchdarkyl relies on uuid@3.3.2 explicitly, any package/app that relies on a newer version (say ^3.3.3 or better) will have the uuid package bundled twice.
The same occurs for all the other dependencies - @babel/polyfill, base64-js, fast-deep-equal & uuid

To fix this, you can change all of your dependencies to use the semver caret (^).

To reproduce
Clone https://github.com/berickson1/Playground
cd launchDarklyExample
npm install

Expected behavior
node_modules should contain one (and only one) copy of the uuid package

Actual behavior
node_modules contains two copies of the uuid package:
node_modules/uuid
node_modules/launchdarkly-js-sdk-common/node_modules/uuid

SDK version
3.1.1

OS/platform
Platform agnostic

Additional context
Add any other context about the problem here.

[eli-darkly]

Good point. There's a similar issue in the js-client-sdk project; we'll fix those together in the next patch release.

[berickson1]

Great! Thanks for the quick reply. I'll keep an eye out for the next release to resolve this :)

[eli-darkly]

Just released launchdarkly-js-client-sdk 2.16.3 with this fix.

[berickson1]

We're also consuming react-client-sdk, which relies on launchdarkly-js-client-sdk@2.16.0, any chance you can bump the version there too?
https://github.com/launchdarkly/react-client-sdk/blob/d2c9318be1ded654f7a5089df1c5331d0df14402/package.json#L59

[eli-darkly]

@berickson1 Yes, it will be bumped in the next release.

[eli-darkly]

Released launchdarkly-react-client-sdk 2.17.1 with the corresponding fix.