DEP Update JS dependencies

[emteknetnz]

Issue https://github.com/silverstripeltd/product-issues/issues/505

[michalkleiner]

Just to confirm, @emteknetnz, updating the package.json file isn't necessary to get the updates that are in the yarn.lock file, right?

Just wondering if this is the case of running a generic yarn upgrade or whether it's specifically about the @silverstripe/eslint-config package, in which case we wouldn't need the package.json update at all, or could as well update all other constraints to their latest.

[emteknetnz]

It seemed like the caret ^ on 0.0.x versions may not actually do anything, hence why I bumped it

[michalkleiner]

TIL from https://github.com/npm/node-semver#caret-ranges-123-025-004

^ allows changes that do not modify the left-most non-zero element in the [major, minor, patch] tuple.
... and no updates for versions 0.0.X.

In that case I wonder if there's a way how to update only the single dependency and its nested dependencies and not update other stuff, similarly to the difference between what composer require single/package:version vs composer update does, and whether we care in the ever-changing world of npm package versions.

[emteknetnz]

@maxime-rainville ^ might be worth releasing eslint 0.1.0 for this reason so that the caret actually does something

[maxime-rainville]

In SEMVER, the >=0.0.0 <1.0.0 interval has a special meaning and set of rules. Going from 0.1.0 to 0.2.0 is considered a major release. So if you have a composer constraint like ^0.1.0, it will let you installed 0.1.2 but not 0.2.0.

NPM works the same way.

I can release @silverstripe/eslint-config: 0.1.0 if you want, but you'll have to update the constraint for it to be installable.

[emteknetnz]

Yeah I think release it, I'm happy to update all the various package.json's on all the modules (at a slightly later date)

[maxime-rainville]

LGTM